The URL can be used to link to this page

Home My WebLink AboutAgreement A-22-310 with VFA.pdf Agreement No. 22-310 1 AGREEMENT 2 3 THIS AGREEMENT ("Agreement") is made and entered into this 12'" day of July , 4 2022 ("Effective Date"), by and between the County of Fresno, a political subdivision of the state of 5 California ("COUNTY"), and VFA, Inc., a Delaware corporation, whose address is 11500 Alterra Parkway, 6 Suite 110, Austin, TX 78758 ("CONTRACTOR"). 7 WITNESSETH: 8 9 WHEREAS, the COUNTY and CONTRACTOR previously entered into Agreement 21-034 with 10 Accruent, LLC. to provide a Computerized Maintenance Management System (CMMS)for work order 11 management, inventory control, mobile functionality, and capital planning tools. 12 WHEREAS, CONTRACTOR was previously operating as part of Accruent, LLC., but has now 13 become a separate business entity due to a corporate restructuring; 14 WHEREAS, in order to continue maintaining COUNTY buildings, the COUNTY desires to continue 15 utilizing the capital planning tools and services provided by CONTRACTOR; and 16 WHEREAS, COUNTY and CONTRACTOR desire to execute this Agreement for software 17 maintenance, support, and related services. 18 NOW, THEREFORE, in consideration of the mutual covenants, terms and conditions contained 19 herein, the parties hereto agree as follows: 20 1. DEFINITIONS: 21 The following terms are defined as follows for purposes of this Agreement: 22 Change Control Process means the process used by the Information Services Division of 23 COUNTY's Internal Services Department ("ISD") to inform COUNTY staff of new or updated production 24 use systems. 25 ISD is the COUNTY's Internal Services Department. 26 License is the license granted under Section 2(A) of this Agreement, and the rights and 27 obligations that it creates under the laws of the United States of America and the State of California, 28 -1- 1 including without limitation, copyright and intellectual property law. 2 System refers to the System Software and System Documentation, collectively, including all 3 modifications and updates and Third-Party Software. 4 System Documentation means the documentation relating to the use of the System Software, 5 including all instructions, release notes, manuals, and online help files in the form generally made 6 available by CONTRACTOR. 7 System Software is the computer software provided and hosted by CONTRACTOR, including 8 VFA Facility (VFA). VFA provides capital planning assessment and budgeting tools for COUNTY 9 buildings. All systems are web applications that will be accessed via internet browsers on personal 10 computers, and via applications on mobile devices. System Software does not include operating system 11 software, or any other Third-Party Software. 12 System Software Maintenance and Support means software hosting for System Software, 13 regular software updates to System Software, and support provided for System Software in case of 14 errors, mistakes, or other technical difficulties. 15 Third-Party Software is software in object code form, including documentation and updates, 16 owned by an entity other than CONTRACTOR, which is to be provided to COUNTY by CONTRACTOR 17 on a pass-through, reseller, or OEM basis. 18 2. OBLIGATIONS OF THE CONTRACTOR 19 A. SOFTWARE LICENSE 20 1) GRANT OF LICENSE 21 CONTRACTOR grants to COUNTY, and COUNTY accepts a non-exclusive, non-transferable, 22 perpetual License to use the System Software, subject to the terms and conditions set forth in this 23 Agreement. This License shall not survive termination or expiration of this Agreement unless COUNTY 24 renews such License and/or continues to purchase System Software Maintenance and Support. If 25 County does not renew such License and/or continues to purchase System Software Maintenance and 26 Support, this License shall terminate. 27 2) SCOPE OF LICENSE 28 -2- 1 The License granted under this Agreement consists solely of the non-exclusive, non-transferable 2 right of COUNTY to operate the System Software. 3 3) OWNERSHIP 4 The parties acknowledge and agree that, as between CONTRACTOR and COUNTY, title and 5 full ownership of all rights in and to the System Software, System Documentation, and all other materials 6 provided to COUNTY by CONTRACTOR under the terms of this Agreement shall remain with 7 CONTRACTOR. COUNTY will take reasonable steps to protect trade secrets of the System Software 8 and System Documentation. COUNTY may not disclose or make available to third parties the System 9 Software or System Documentation, or any portion of either. CONTRACTOR owns all right, title and 10 interest in and to all CONTRACTOR's corrections, modifications, or enhancements to the System that 11 are conceived, created or developed, alone or with COUNTY or others, as a result of or related to the 12 performance of this Agreement, including all proprietary rights therein and based thereon. For purposes 13 of this Agreement, "enhancement" means new software that is an interface between the System 14 Software and other software. Except and to the extent expressly provided herein, CONTRACTOR does 15 not grant to COUNTY any right or license, express or implied, in or to the System. The parties 16 acknowledge and agree that, as between CONTRACTOR and COUNTY, full ownership of all rights in 17 and to all COUNTY data, whether in magnetic or paper form, including without limitation printed output 18 from the System, are the exclusive property of COUNTY. 19 4) POSSESSION, USE, AND UPDATE OF SOFTWARE 20 COUNTY agrees that COUNTY will only use the System Software for COUNTY purposes, as 21 provided in this Agreement. CONTRACTOR may, at reasonable times, inspect the COUNTY's premises 22 and equipment to verify that all of the terms and conditions of the License are being observed. 23 CONTRACTOR may create, from time to time, updated versions of the System Software and System 24 Documentation, and CONTRACTOR shall make such System updates available to COUNTY. All 25 System updates shall be licensed and included under the terms of this Agreement. COUNTY agrees to 26 follow the prescribed instructions for updating System Software and System Documentation provided to 27 COUNTY by CONTRACTOR. 28 -3- 1 5) POSSESSION AND USE OF SOURCE CODE 2 Source code and other material that results from custom programming by CONTRACTOR 3 released to COUNTY under the License are deemed CONTRACTOR software, subject to all of the 4 terms and conditions of the License. The scope of COUNTY's permitted use of the custom source code 5 under the License is limited to maintenance and support of the System Software. For purposes of this 6 Section, the term "maintenance and support" means correction of System Software errors and 7 preparation of System Software modifications and updates. If COUNTY creates computer code in the 8 process of developing an enhancement for the System Software, that specific new code shall be 9 considered a derivative work from the System Software and shall be owned by CONTRACTOR, the 10 right of which to use shall be limited to those granted to COUNTY in this Agreement. However, if both 11 parties agree in writing that COUNTY's enhancement does not result in the creation of a derivative work 12 from the System Software, the copyright to such derivative work shall be owned by COUNTY, and may 13 be used by COUNTY's employees, officers, or agents for COUNTY's own internal business operations 14 to carry out public functions that benefit the public, including individual members of the public. 15 6) RESTRICTIONS ON USE 16 COUNTY shall not itself, or through any affiliate, employee, consultant, contractor, agent, or 17 other third party: (i) license, sublicense, sell, resell, transfer, assign, distribute, host, lease, rent or 18 otherwise commercially exploit or make available to any third party the System Software, its content, 19 Services, the System Documentation, or CONTRACTOR'S or its licensors' Intellectual Property or 20 Confidential Information (collectively "Protected Materials") in any way; (ii) modify, decipher, decompile, 21 disassemble, reverse assemble, translate, reverse engineer or otherwise attempt to derive source code, 22 algorithms, tags, specifications, architecture, structure or other elements of the System Software, 23 including the license keys, in whole or in part, for any purpose, or make derivative works based upon the 24 System Software, the System Documentation, or the Protected Materials; (iii) create Internet "links" to 25 the System Software or"frame" or"mirror" any System Documentation on any other server or wireless 26 or Internet-based device; (iv) use the System to send spam or otherwise duplicative or unsolicited 27 messages in violation of applicable law; (v) use the System to send or store infringing, obscene, 28 -4- 1 threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or 2 violative of third party privacy rights; (iv) use the System to send or store material containing software 3 viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs; (vii) 4 interfere with or disrupt the integrity or performance of the System Software or the data contained 5 therein, including but not limited to COUNTY data; (viii) attempt to gain unauthorized access to the 6 System Software or its related systems or networks; (ix) reverse-engineer or access the System 7 Software in order to (a) build a competitive product or service, (b) build a product using similar ideas, 8 features, functions or graphics of the System Software, or (c) copy any ideas, features, functions or 9 graphics of the System Software; (x) allow access to, provide, divulge or make available the Protected 10 Materials to any user other than Client's employees and individual contractors who have a need to such 11 access and who are bound by confidentiality obligations as least as restrictive as the terms of this 12 Agreement. 13 No right or license is granted under this Agreement for the use of the System, directly or 14 indirectly, for the benefit of any other person or entity, except as provided in this Agreement. 15 7) INTELLECTUAL PROPERTY, TRADEMARK, AND COPYRIGHT 16 CONTRACTOR retains ownership of and all rights in the System Software, any portions or 17 copies thereof. CONTRACTOR reserves all rights not expressly granted to COUNTY. This License does 18 not grant COUNTY any rights in connection with any trademarks or service marks of CONTRACTOR, its 19 suppliers, or licensors. All right, title, interest and copyrights in and to the System, and any copies of the 20 System Software are owned by CONTRACTOR, its suppliers or its licensors. All title and intellectual 21 property rights in and to the content which may be accessed through use of the System Software are 22 the property of the respective content owner, and may be protected by applicable copyright or other 23 intellectual property laws and treaties. This License grants COUNTY no rights to use such content. 24 B. SERVICES TO BE PROVIDED BY CONTRACTOR TO COUNTY 25 8) Building Assessments 26 CONTRACTOR will provide building assessment services to input building condition data into 27 the System Software on an as-needed basis. CONTRACTOR shall prepare a Statement of Work 28 -5- 1 (SOW) and invoice for each building or group of buildings to be approved by the Contract Administrator, 2 as defined in Section 3 below. 3 9) System Maintenance and Support by Contractor 4 CONTRACTOR shall provide System Software Maintenance and Support. System maintenance 5 and support includes, but is not limited to, hosting of the System Software, and updates to the System 6 Software as they are released by CONTRACTOR, including updates required because of federal 7 regulatory changes. CONTRACTOR shall support day-to-day operation of the System as follows: 8 a. SUPPORT HOURS/SCOPE: 9 Provide unlimited technical assistance by phone during normal coverage hours 10 8:00 a.m. to 5:00 m. Pacific Standard Time PST Monday through Friday, except for ( p� (PST), Y 9 Y, p 11 days that are holidays for either CONTRACTOR or COUNTY), toll-free telephone 12 assistance to keep the System in, or restored to, normal operating condition in 13 conformance with the specifications set forth in this Agreement. The object of this support 14 will be to answer questions related to the System Software and the application thereof. 15 Support provided under this Agreement does not include training of new COUNTY 16 personnel after initial staff is trained, operation of hardware, or solving hardware or 17 software problems unrelated to the System Software. 18 b. SUPPORT RESPONSE: 19 During the term of this Agreement, CONTRACTOR will (a) correct any error or 20 malfunctions in the System that prevent the System from operating in conformance with 21 the specifications set forth in Section 1 and Section 2.0 of this Agreement, or (b) provide 22 a commercially reasonable alternative that will conform to the specifications set forth in in 23 Section 1 of this Agreement. 24 If analysis by CONTRACTOR indicates a reported problem is caused by a 25 reproducible error or malfunction in the then-current release of the System Software, 26 which significantly impedes effective use of the System by COUNTY for the COUNTY's 27 purposes described in the recitals and in Section 2 above, CONTRACTOR will, if the 28 -6- 1 System is inoperable, as reported by COUNTY, provide continuous effort to correct the 2 error or to resolve the problem by providing a circumvention. 3 In such cases, CONTRACTOR will provide COUNTY with corrective information, 4 such as corrective documentation, corrective program code in the form of an update to 5 the System Software, or both. CONTRACTOR shall respond to COUNTY's service 6 request no later than four (4) business hours from the time a call is received by 7 CONTRACTOR. If a person with the necessary expertise is not available when the call is 8 received, CONTRACTOR will promptly notify COUNTY of that fact, and then endeavor to 9 respond to the service request no later than within one (1) business day. 10 c. ERROR CORRECTION PROCESS 11 If, during the term of this Agreement, COUNTY determines that a System Software error exists, 12 COUNTY will first follow the error procedures specified in the System Documentation. If following the 13 error procedures does not correct the software error, COUNTY shall immediately notify CONTRACTOR 14 via phone or email, setting forth the defects noted with specificity. 15 10)ADDITIONAL SYSTEM MAINTENANCE SERVICES AND OTHER 16 SERVICES BY CONTRACTOR 17 CONTRACTOR may provide additional maintenance services ("Additional Maintenance and 18 Support Services" or "Additional Maintenance Services") or other services at an additional charge. 19 Charges will be as identified in Section 6 of this Agreement; or, if the Additional Maintenance and 20 Support Services or other services are not specifically listed in this Agreement, charges will be at current 21 prices in effect at the time goods or services are provided. Any Additional Maintenance and Support 22 Services or other services requested by COUNTY and determined by CONTRACTOR not to be 23 specifically listed in this Agreement must be identified as a chargeable service prior to the service being 24 performed, and must be approved in writing in advance by COUNTY's Contract Administrator, as 25 defined in Section 3, below. Additional Maintenance Services include, but are not limited to, the 26 following: 27 a. TRAINING 28 -7- 1 Training is available upon written request by COUNTY at an additional charge under the terms of 2 this Agreement. Requests for training will be reviewed by CONTRACTOR, and must be requested in 3 writing in advance by COUNTY's Contract Administrator. 4 b. DATA AND SYSTEM CORRECTIONS 5 Unauthorized data access is defined as any COUNTY editing of data through other than normal 6 System Software usage, as defined in System Documentation. Unauthorized source code access is 7 defined as any COUNTY access to System Software source code. COUNTY will not pay any 8 compensation to CONTRACTOR for services that result from errors caused by the System Software or 9 instruction provided by CONTRACTOR. 10 11)SYSTEM UPDATES 11 From time to time, CONTRACTOR shall develop and provide updates to the System Software. 12 CONTRACTOR shall provide updates to the System Software at no additional charge to COUNTY 13 during the term of this Agreement. Updates to the System Software are subject to the terms and 14 conditions of this Agreement, and shall be deemed licensed System Software under this Agreement. 15 12)OPERATING SYSTEM UPDATES 16 The System Software must run on an operating system (O/S) that is consistently and currently 17 supported by the O/S vendor. 18 COUNTY will notify CONTRACTOR when a critical security patch is released for the supported 19 O/S or related subsystems. CONTRACTOR will have thirty (30) days to ensure the System Software 20 can perform in the updated environment. With approval from CONTRACTOR, COUNTY will apply 21 patches to both the O/S and non-critical subsystems as releases are available from vendors. The 22 System Software must continue to perform as the O/S and other subsystems are updated. 23 c. ANTI-VIRUS MANAGEMENT 24 COUNTY will actively run anti-virus management, where appropriate, on all application servers 25 and PCs. The System Software is expected to perform adequately while anti-virus management is 26 active. 27 13)ADHERE TO CHANGE CONTROL PROCESS 28 -8- 1 COUNTY employs a procedure to implement updates, upgrades, and version releases to a 2 system that is in production use. CONTRACTOR must inform ISD a minimum of 1 week prior to any 3 planned, non-emergency changes, so that the Change Control Process may be followed. 4 14)OTHER 5 Unless otherwise specified, for Third-Party Software that is required for COUNTY to use the 6 System Software, CONTRACTOR shall provide standard documentation in electronic form (via the 7 Internet or File Transfer Protocol (FTP)). 8 The System Software being provided runs in a Local Area Network and Web environment. As 9 such, the performance of the System Software is directly related to, among other things: available 10 network bandwidth, and the performance of other applications. For this reason, CONTRACTOR makes 11 no guarantees as to System Software response time. 12 Unless provided herein or otherwise in a written mutual agreement, COUNTY will not allow 13 CONTRACTOR to access to COUNTY's intranet, internal data, or email system, and CONTRACTOR 14 shall not require such access in order to provide the System. 15 C. Each party shall comply with all obligations in Attachment A, "Master 16 Agreement," attached and incorporated by this reference. In the event of a conflict between any of the 17 terms of the Master Agreement and this Agreement, the terms of this Agreement shall control. 18 3. OBLIGATIONS OF COUNTY 19 A. COUNTY CONTRACT ADMINISTRATOR 20 COUNTY hereby appoints its Director of Internal Services/Chief Information Officer, or his or her 21 designee, as COUNTY's Contract Administrator, with full authority to deal with CONTRACTOR in the 22 administration of this Agreement. 23 B. SYSTEM HARDWARE AND SYSTEM SOFTWARE 24 COUNTY will, at its own expense, provide and properly maintain and update on an ongoing 25 basis all necessary hardware required to operate the System Software. COUNTY's hardware shall meet 26 or exceed CONTRACTOR's recommendations, as provided in the System Documentation. 27 C. OTHER COUNTY OBLIGATIONS 28 -9- 1 1) COUNTY's ISD staff will provide technical assistance to CONTRACTOR 2 during the installation of the System Software. In particular, COUNTY will 3 provide: 4 a. Network connectivity and troubleshooting assistance; 5 b. Ability for COUNTY staff to monitor network traffic and isolate 6 bottlenecks; 7 c. Technical assistance concerning the integration with existing COUNTY 8 systems (if applicable); and 9 d. Expertise to handle issues with COUNTY PCs, printers, and cabling 10 before, during, and after First Production Use. 11 4. TERM 12 The term of this Agreement shall be for a period commencing on the Effective Date through and 13 including February 8, 2024. This Agreement may be extended for two (2) additional consecutive twelve (12) 14 month periods automatically, unless notice of non-renewal is provided no later than thirty (30)days prior to 15 the first day of the next twelve (12) month extension period. 16 5. TERMINATION 17 A. Non-Allocation of Funds - The terms of this Agreement, and the services to be provided 18 hereunder, are contingent on the approval of funds by the appropriating government agency. Should 19 sufficient funds not be allocated, the services provided may be modified, or this Agreement terminated, 20 at an time without penalty b giving the CONTRACTOR thirty 30 days advance written notice. Y p Y Yg� g Y ( ) Y 21 B. Breach of Contract - The COUNTY may immediately suspend or terminate this 22 Agreement in whole or in part, where in the determination of the COUNTY there is: 23 1) An illegal or improper use of funds; 24 2) A failure to comply with any term of this Agreement that has not been 25 corrected within thirty days written notice of the details of such failure; 26 3) A substantially incorrect or incomplete report submitted to the COUNTY; 27 4) Improperly performed service. 28 -10- 1 In no event shall any payment by the COUNTY constitute a waiver by the COUNTY of any breach 2 of this Agreement or any default which may then exist on the part of the CONTRACTOR. Neither shall such 3 payment impair or prejudice any remedy available to the COUNTY with respect to the breach or default. 4 The COUNTY shall have the right to demand of the CONTRACTOR the repayment to the COUNTY of any 5 funds disbursed to the CONTRACTOR under this Agreement, which in the judgment of the COUNTY were 6 not expended in accordance with the terms of this Agreement. The CONTRACTOR shall promptly refund 7 any such funds upon demand. 8 C. Without Cause - Under circumstances other than those set forth above, this Agreement 9 may be terminated by COUNTY by giving thirty (30) days advance written notice of an intention to 10 terminate to CONTRACTOR. 11 6. COMPENSATION/INVOICING: COUNTY agrees to pay CONTRACTOR, and 12 CONTRACTOR agrees to receive compensation, as follows: 13 A. Software Support and Maintenance/Subscription Fees: 14 COUNTY agrees to compensate CONTRACTOR for support, maintenance and subscription fees as 15 described below: 16 Year 1 Year 2 Year 3 Year 4 VFA Facility $41,052.69 $43,105.32 $46,122.70 $49,351.29 17 * Asset Connect $8,210.54 $8,621.06 $9,224.54 $9,870.26 18 Subtotal $49,263.23 $51,726.38 $55,347.24 $59,221.55 Total $215,558.40 19 20 +The table above reflects that the maximum annual increase to fees during the initial 2-year term shall not exceed 5%. Thereafter,the maximum annual increase to fees shall not exceed 7%. 21 22 Additional modules may be added to the System Software as determined necessary by the Contract 23 Administrator. The total cost for these additional modules shall not exceed $84,441.60 for the term of 24 the Agreement. The maximum total compensation payable for software support and maintenance and 25 annual subscription fees is $300,000.00 for the term of the Agreement. 26 B. Building Assessments 27 COUNTY agrees to compensate CONTRACTOR for requested Building Assessment services. 28 CONTRACTOR shall provide a written quotation for the required services for approval by the -11- 1 COUNTY's Contract Administrator. The maximum total compensation available to be paid for Building 2 Assessment is $500,000.00. 3 C. Additional Services: 4 COUNTY may request additional services, including training, implementation services, or other 5 services that are not otherwise included under this Agreement, and that COUNTY, in consultation with 6 CONTRACTOR, deems necessary for additional fees. CONTRACTOR will provide a written quotation for 7 the required services for approval by the COUNTY's Contract Administrator. The maximum total 8 compensation available to be paid for these additional services is $70,000. 9 CONTRACTOR shall submit monthly invoices referencing the provided contract number via email, 10 to the Internal Services Business Office (ISDBusinessOffice(a-)_FresnoCountVCA.go ) or via mail to County 11 of Fresno, Department of Internal Services, Attention: Business Office, 333 W. Pontiac Way, Clovis, CA 12 93612. COUNTY shall pay CONTRACTOR within forty-five (45) days of receipt of an approved invoice. 13 COUNTY shall remit payment to CONTRACTOR's address specified in the approved invoice. 14 The total maximum compensation payable to CONTRACTOR during the first two years of this 15 Agreement is $756,000.00. If this Agreement is extended for the first additional year as provided in Section 16 4, above, the total maximum compensation payable to CONTRACTOR will increase to $811,000.00. The 17 maximum total compensation payable for all goods and services under this Agreement for all four years, if 18 the Agreement is extended for both additional years as provided in Section 4, above, is $870,000.00. It is 19 understood that all expenses incidental to CONTRACTOR's performance of services under this Agreement 20 shall be borne solely by CONTRACTOR. 21 7. INDEPENDENT CONTRACTOR: In performance of the work, duties and obligations 22 assumed by CONTRACTOR under this Agreement, it is mutually understood and agreed that 23 CONTRACTOR, including any and all of the CONTRACTOR'S officers, agents, and employees will at all 24 times be acting and performing as an independent contractor, and shall act in an independent capacity 25 and not as an officer, agent, servant, employee, joint venturer, partner, or associate of the COUNTY. 26 Furthermore, COUNTY shall have no right to control or supervise or direct the manner or method by 27 which CONTRACTOR shall perform its work and function. However, COUNTY shall retain the right to 28 -12- 1 administer this Agreement so as to verify that CONTRACTOR is performing its obligations in 2 accordance with the terms and conditions thereof. 3 CONTRACTOR and COUNTY shall comply with all applicable provisions of law and the rules and 4 regulations, if any, of governmental authorities having jurisdiction over matters the subject thereof. 5 Because of its status as an independent contractor, CONTRACTOR shall have absolutely no right 6 to employment rights and benefits available to COUNTY employees. CONTRACTOR shall be solely liable 7 and responsible for providing to, or on behalf of, its employees all legally-required employee benefits. In 8 addition, CONTRACTOR shall be solely responsible and save COUNTY harmless from all matters relating 9 to payment of CONTRACTOR'S employees, including compliance with Social Security withholding and all 10 other regulations governing such matters. It is acknowledged that during the term of this Agreement, 11 CONTRACTOR may be providing services to others unrelated to the COUNTY or to this Agreement. 12 8. MODIFICATION: Any matters of this Agreement may be modified from time to time by 13 the written consent of all the parties without, in any way, affecting the remainder. 14 9. NON-ASSIGNMENT: Neither party shall assign, transfer or sub-contract this Agreement 15 nor their rights or duties under this Agreement without the prior written consent of the other party, which 16 shall not be unreasonably withheld, conditioned or delayed. 17 10. HOLD HARMLESS: CONTRACTOR agrees to indemnify, save, hold harmless, and 18 defend the COUNTY, its officers, agents, and employees from any and all costs and expenses 19 (including attorney's fees and costs), damages, liabilities, claims, and losses occurring or resulting to 20 COUNTY in connection with the performance, or failure to perform, by CONTRACTOR, its officers, 21 agents, or employees under this Agreement, and from any and all costs and expenses (including 22 attorney's fees and costs), damages, liabilities, claims, and losses occurring or resulting to any person, 23 firm, or corporation who may be injured or damaged by the performance, or failure to perform, of 24 CONTRACTOR, its officers, agents, or employees under this Agreement. The provisions of this Section 25 10 shall survive termination of this Agreement. The foregoing indemnity is conditional upon COUNTY 26 providing prompt written notice to CONTRACTOR of any indemnity claim within 30 days of such claim 27 arising, allowing CONTRACTOR to control the defense of any such claim, and providing all reasonable 28 -13- 1 assistance requested by CONTRACTOR related to such claim. CONTRACTOR shall not have the right 2 to settle any such claim without COUNTY's consent. 3 11. INSURANCE 4 A. Required Policies 5 Without limiting the COUNTY's right to obtain indemnification from CONTRACTOR or any third 6 parties, CONTRACTOR, at its sole expense, shall maintain in full force and effect the following insurance 7 policies throughout the term of the Agreement: 8 1. Commercial General Liability. Commercial general liability insurance with limits of not less 9 than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million 10 Dollars ($4,000,000). This policy must be issued on a per occurrence basis. CONTRACTOR will 11 provide evidence via certificate of insurance additional insured status for County of Fresno, its 12 officer, agents, employees, and volunteers, individually and collectively, but only insofar as the 13 operations under the agreement are concerned. Such coverage for additional insureds will apply as 14 primary insurance and any other insurance, or self-insurance, maintained by COUNTY is excess 15 only and not contributing with insurance provided under CONTRACTOR's policy. 16 2. Automobile Liability. Automobile liability insurance with limits of not less than One Million 17 Dollars ($1,000,000) per occurrence for bodily injury and for property damages. Coverage must 18 include any auto used in connection with this Agreement. 19 3. Workers Compensation. Workers compensation insurance as required by the California 20 Labor Code. 21 4. Technology Professional Liability. Technology professional liability (errors and omissions) 22 insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage 23 must encompass all of CONTRACTOR's obligations under this Agreement, including but not limited 24 to claims involving Cyber Risks. 25 5. Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars 26 ($2,000,000) per occurrence. Coverage must include, but not be limited to, claims involving Cyber 27 Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, 28 -14- 1 alteration of, loss of, or destruction of intangible property(including but not limited to information or 2 data)that is in the care, custody, or control of CONTRACTOR. 3 6. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breaches, 4 which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii costs 5 related to failure of CONTRACTOR's network to protect against destruction, deletion or corruption 6 of COUNTY's electronic data or transmission of viruses to COUNTY computers and systems; (iii) 7 (iv)failure of CONTRACTOR to properly handle, manage, store or control personally identifiable 8 information provided by COUNTY; (v) information theft; (vi) damage to or destruction or alteration of 9 electronic information; (vii) extortion related to CONTRACTOR's obligations under this Agreement 10 regarding electronic information, including Personal Information; (viii) network security; (ix) data 11 breach response costs, including Security Breach response costs; and (x) regulatory fines and 12 penalties related to CONTRACTOR's obligations under this Agreement regarding electronic 13 information, including Personal Information. Capitalized terms in this paragraph have the meaning 14 given to them in Attachment C, "Data Security." 15 B. Additional Requirements Relating to Insurance 16 1. Verification of Coverage. Within 30 days after CONTRACTOR signs this Agreement, 17 CONTRACTOR shall deliver, or cause its broker or producer to deliver, to the ISD Business Office 18 at 333 W. Pontiac Way, Clovis, CA 93612, or at ISDBusinessOffice@fresnocountyca.gov 19 certificates of insurance for all of the coverages required under this Agreement. 20 a. CONTRACTOR hereby waives its right to recover from COUNTY, its officers, 21 agents, and employees any amounts paid by the policy of worker's compensation 22 insurance required by this Agreement. CONTRACTOR is solely responsible to 23 obtain any endorsement to such policy that may be necessary to accomplish such 24 waiver of subrogation, but CONTRACTOR's waiver of subrogation under this 25 paragraph is effective whether or not CONTRACTOR obtains such an endorsement. 26 b. All insurance certificates must state that: (1)the insurance coverage has been 27 obtained and is in full force; (2)that for such worker's compensation insurance the 28 -15- 1 CONTRACTOR has waived its right to recover from the COUNTY, its officers, 2 agents, and employees any amounts paid under the insurance policy and that 3 waiver does not invalidate the insurance policy, and (3) COUNTY, its officers, 4 agents, employees, and volunteers are not responsible for any premiums on the 5 policy. 6 c. The commercial general liability insurance certificate must also state that: (1)the 7 County of Fresno, its officers, agents, employees, and volunteers, individually and 8 collectively, are additional insureds insofar as the operations under this Agreement 9 are concerned; (2)the coverage shall apply as primary insurance and any other 10 insurance, or self-insurance, maintained by COUNTY shall be excess only and not 11 contributing with insurance provided under CONTRACTOR's policy. 12 d. The automobile liability insurance certificate must state that the policy covers any 13 auto used in connection with this Agreement. 14 e. The technology professional liability insurance certificate must also state that 15 coverage encompasses all of CONTRACTOR's obligations under this Agreement, 16 including but not limited to claims involving Cyber Risks, as that term is defined in 17 this Agreement. 18 f. The cyber liability insurance certificate must also state that it is endorsed to cover 19 the full replacement value of damage to, alteration of, loss of, or destruction of 20 intangible property (including but not limited to information or data)that is in the care, 21 custody, or control of CONTRACTOR. 22 2. Acceptability of Insurers. All insurance policies required under this Agreement must 23 be issued by admitted insurers licensed to do business in the State of California and possessing 24 at all times during the term of this Agreement an A.M. Best, Inc. rating of A:VII or greater. 25 3. Notice of Cancellation of Coverage. For each insurance policy required under this 26 Agreement, CONTRACTOR shall provide to COUNTY, or ensure that the policy requires the 27 insurer to provide to COUNTY, written notice of any cancellation or change in the policy as 28 -16- 1 required in this paragraph. For cancellation of the policy for nonpayment of premium, 2 CONTRACTOR shall provide written notice to COUNTY not less than 10 days in advance of 3 cancellation. For cancellation of the policy for any other reason, and for any other change to the 4 policy, CONTRACTOR shall provide written notice to COUNTY not less than 30 days in 5 advance of cancellation or change. COUNTY in its sole discretion may determine that the failure 6 of CONTRACTOR to timely provide a written notice required by this paragraph is a breach of 7 this Agreement. 8 4. County's Remedy for Contractor's Failure to Maintain. If CONTRACTOR fails to keep in 9 effect at all times any insurance coverage required under this Agreement, COUNTY may, in addition 10 to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that 11 failure. 12 12. AUDITS AND INSPECTIONS: The CONTRACTOR shall at any time during business 13 hours, and as often as the COUNTY may deem necessary, make available to the COUNTY for 14 examination all of its records and data with respect to the matters covered by this Agreement. The 15 CONTRACTOR shall, upon request by the COUNTY, permit the COUNTY to audit and inspect all of 16 such records and data necessary to ensure CONTRACTOR'S compliance with the terms of this 17 Agreement. 18 If this Agreement exceeds ten thousand dollars ($10,000.00), CONTRACTOR shall be subject to 19 the examination and audit of the California State Auditor for a period of three (3) years after final payment 20 under contract (Government Code Section 8546.7). 21 13. NOTICES: The persons and their addresses having authority to give and receive notices 22 under this Agreement include the following: COUNTY CONTRACTOR 23 COUNTY OF FRESNO VFA, Inc. 24 Director of Internal Services/CIO 30 Patewood Drive 333 W. Pontiac Way Bldg 2, Suite 350 25 Clovis, CA 93612 Greenville, SC 29615 26 All notices between the COUNTY and CONTRACTOR provided for or permitted under this 27 Agreement must be in writing and delivered either by personal service, by first-class United States mail, or 28 -17- 1 by an overnight commercial courier service. A notice delivered by personal service is effective upon service 2 to the recipient. A notice delivered by first-class United States mail is effective three COUNTY business 3 days after deposit in the United States mail, postage prepaid, addressed to the recipient. A notice delivered 4 by an overnight commercial courier service is effective one COUNTY business day after deposit with the 5 overnight commercial courier service, delivery fees prepaid, with delivery instructions given for next day 6 delivery, addressed to the recipient. For all claims arising out of or related to this Agreement, nothing in this 7 section establishes, waives, or modifies any claims presentation requirements or procedures provided by 8 law, including but not limited to the Government Claims Act (Division 3.6 of Title 1 of the Government Code, 9 beginning with section 810). 10 14. VENUE AND GOVERNING LAW: Venue for any action arising out of or related to this 11 Agreement shall only be in Fresno County, California. 12 The rights and obligations of the parties and all interpretation and performance of this Agreement 13 shall be governed in all respects by the laws of the State of California. 14 15. DISCLOSURE OF SELF-DEALING TRANSACTIONS 15 This provision is only applicable if the CONTRACTOR is operating as a corporation (a for-profit 16 or non-profit corporation) or if during the term of the agreement, the CONTRACTOR changes its status 17 to operate as a corporation. 18 Members of the CONTRACTOR's Board of Directors shall disclose any self-dealing transactions 19 that they are a party to while CONTRACTOR is providing goods or performing services under this 20 agreement. A self-dealing transaction shall mean a transaction to which the CONTRACTOR is a party 21 and in which one or more of its directors has a material financial interest. Members of the Board of 22 Directors shall disclose any self-dealing transactions that they are a party to by completing and signing a 23 Self-Dealing Transaction Disclosure Form, attached hereto as Attachment B and incorporated herein by 24 reference, and submitting it to the COUNTY prior to commencing with the self-dealing transaction or 25 immediately thereafter. 26 16. ENTIRE AGREEMENT: This Agreement constitutes the entire agreement between the 27 CONTRACTOR and COUNTY with respect to the subject matter hereof, and supersedes all previous 28 -18- 1 Agreement negotiations, proposals, commitments, writings, advertisements, publications, and 2 understanding of any nature whatsoever unless expressly included in this Agreement including 3 CONTRACTOR's Master Agreement, dated April 2020. In the event of any inconsistency in interpreting 4 the documents which constitute this Agreement, the inconsistency shall be resolved by giving 5 precedence in the following order of priority: (1) the text of this Agreement; (2) any attached Statement 6 of Work (SOW); and (3) any other attachment. 7 /// 8 /// 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 -19- 1 IN WITNESS WHEREOF, the parties hereto have executed this Agreement as of the day and year first 2 hereinabove written. 3 CONTRACTOR COLT.Y OF FRESNO 5 Angela S. Michelini Brian Pacheco, Chairman of the Board of 6 Supervisors of the County of Fresno 7 8 9 10 ATTEST: Bernice E. Seidel 11 Clerk of the Board of Supervisors County of Fresno, State of California 12 13 14 By: 15 Deputy 16 FOR ACCOUNTING USE ONLY: 17 Fund: 1045 18 Subclass: 10000 19 ORG: 8935 20 Account: 7205 21 22 23 24 25 26 27 28 -20- Attachment A Master Agreement This MASTER AGREEMENT(this "Agreement") is entered into between VFA, Inc., a Delaware corporation with its principal place of business at 30 Patewood Drive,Suite 350, Greenville,SC 29615 ("VFA")and City of Fresno with its principal place of business at ("Client").The effective date of this Agreement is ("Effective Date"). For good and valuable consideration,the sufficiency of which is hereby acknowledged,the parties agree as follows: 1. DEFINITIONS. 1.1. "VFA Software"is each VFA-developed and/or VFA-owned software product in machine readable object code(not source code)and any Updates, Upgrades,or revisions to such software. 1.2. "Agreement"includes this Master Agreement its exhibits,as well as any documents,amendments,order forms,statements of work(SOW), or other relevant documentation that is attached hereto and/or included by reference. 1.3. "Affiliate"is an entity that is a subsidiary of or under common control of the applicable entity. 1.4. "Authorized User(s)"are(i)Client's employees,and(ii)Client's consultants,contractors,or agents,approved in writing by VFA(which will not be unreasonably withheld,conditioned,or delayed) it being understood that VFA may reasonably withhold approval for competitors of VFA. 1.5. "Change of Control" means (i) the sale of all or substantially all of its stock or assets of a party to another entity; (ii) any merger, consolidation,or acquisition of a party with an entity that is not an Affiliate;or(iii)any change in the ownership of more than 50%of the voting capital stock of a party in one or more related transactions. 1.6. "Client Data"is data,excluding Resultant Data(defined below),that Client provides,generates,transfers,or makes available to VFA under this Agreement. 1.7. "Documentation" is paperwork, manuals,or other types of instruction regarding use of the Software made available to Client by VFA in electronic format(or in print upon request),including but not limited to user instructions,release notes,manuals,and help files. 1.8. "Fees"are any monetary amounts set forth in this Agreement to be paid to VFA by Client. 1.9. "License Metrics"are the limitations on the license for SaaS Services, based on usage and set out in an Order Document; License Metrics are measured by a certain term,including but not limited to number of leases,square footage,number of locations,or reports. 1.10. "Malicious Code"includes computer viruses,worms,time bombs,Trojan horses,and other harmful or malicious code,files,scripts,agents, or programs. 1.11. "Maintenance" is the collective support services for the Software, including but not limited to the provision of Updates for the Services ordered. Maintenance is subject to VFA's Support and Maintenance Policy(as may be amended by VFA) in effect at the time the services are provided. For the avoidance of doubt,Maintenance expressly excludes Professional Services. 1.12. "Order Document"is a document or set of documents executed by the parties which describes order-specific information and incorporates by reference the terms of the Agreement.An Order Document may not be specifically called an Order Document;it can be referred to by another name,such as a statement of work. Any Software or SaaS Services provided via an Order Document are subject to the terms and conditions of this Agreement. 1.13. "Overages-Any use of the Software or SaaS over the committed metric amount. 1.14. "Partner" is a third-party vendor or subcontractor under an agreement with VFA to provide services in support of VFA's SaaS Services and/or Software,as well as any other obligations under this Agreement. 1.15. "Partner Software" is software (in object code form), and any of its Updates, upgrades, or revisions, including Documentation, that is owned by a Partner and provided to Client by VFA on a pass-through,reseller,or original equipment manufacturer(OEM)basis. 1.16. "Professional Services"are services provided by VFA,or an authorized Partner,as set forth in the Agreement;these may include, but are not limited to data conversion, implementation, site planning, configuration, integration and deployment of the SaaS Services, training, project management,assessment services and other consulting services. 1.17. "Resultant Data"is aggregated and anonymized data and information,including Client Data and Usage Data,relating to Client's use of the Services. Resultant Data is aggregated and anonymized so that no identifiable information is present and may be used by VFA,in any form, for any lawful purpose. 1.18. "SaaS Services"is the provision of the Software, hosted by VFA or its Partners and accessed via the internet,as a service and as set forth on an applicable Order Document. 1.19. "Software"includes both the VFA Software and any applicable Partner Software. 1.20. "Support"is a service in which VFA provides technical support for the services and is provided pursuant to VFA's Support and Maintenance Policy available in the support portal (as may be amended by VFA) in effect at the time the services are provided. For the avoidance of doubt,Support expressly excludes Professional Services. 1.21. "Upgrades"are the new products or functionality for which VFA generally charges a separate fee. 1.22. "Updates" are the error corrections, modifications, or security or product enhancements which VFA makes generally available to its customers as part of the Maintenance. 1 2. ENTIRE AGREEMENT.No modification to the Agreement will be binding unless in writing and signed by an authorized representative of each party. 3. INTELLECTUAL PROPERTY. Except for rights expressly granted under this Agreement, nothing in this Agreement shall transfer any of either party's Intellectual Property rights to the other,and each party will retain an exclusive interest in and ownership of its Intellectual Property. "Intellectual Property" includes, without limitation, inventions, technology, patent rights (including patent applications and disclosures), copyrights, trade secrets, trademarks, service marks, trade dress, methodologies, procedures, processes, know-how, tools, utilities, techniques, various concepts, ideas, methods, models, templates, software, source code, algorithms, the generalized features of the structure,sequence and organization of software,user interfaces and screen designs,general purpose consulting and software tools,utilities and routines, logic, coherence and methods of operation of systems, and training methodology and materials. VFA's Intellectual Property includes, but is not limited to, any work that VFA creates,acquires, or otherwise has rights in, including any works created pursuant to this Agreement, except for any portion of such works that consist of Client's Intellectual Property. Client Data will be considered Client's Intellectual Property, except for Resultant Data, which will not be considered a derivative of Client Data.VFA may, in connection with the performance of services hereunder, create, employ, provide, modify, acquire, or otherwise obtain rights in, and any and all intellectual property rights,recognized in any country or jurisdiction in the world,now or hereafter existing,whether or not perfected,filed,or recorded. 4. FINANCIAL TERMS. 4.1. Fees and Payment Terms. Fees shall be specified in the applicable Order Document and, unless stated otherwise, are denominated and payable in United States Dollars(USD) and due within 45 days of the date of invoice.VFA is not responsible for any payment conditions that are not expressly stated in this Agreement or any applicable Order Document. 4.2. Overdue Charges.In the event that any Fees due and owing to VFA are not received by the due date,then VFA may:(i)charge interest on any past due balances at the lesser of: (a) 1%a%per month,or(b)the highest rate allowed by law, and (ii) be entitled to condition future purchases on shorter payment terms.Client acknowledges that,if it fails to provide a purchase order number when required for payment, or it delays payment by requesting payment conditions not set forth in the Agreement,VFA's right to pursue overdue charges will not be waived. 4.3. Suspension of Services.In the event any Fees due and owing are 30 or more days overdue from the last day of the initial 45-day payment period, VFA may, after providing notice to Client, and without limiting any of its other rights and remedies: (i) suspend, terminate, or otherwise deny Client access to or use of,all or any part of the Services,and(ii)require full payment of the overdue amount,and any other amount due and owing,prior to additional or continued performance by VFA. 4.4. Taxes. Unless expressly provided otherwise in this Agreement or any applicable Order Document, the prices in the Agreement do not include taxes. Client agrees to pay any taxes arising out of the Agreement, other than those based on VFA's net income. If Client is tax- exempt, Client agrees to provide VFA a copy of its tax-exempt certificate prior to execution of an Order Document. Client shall be responsible for any liability or expense incurred by VFA as a result of Client's failure or delay in paying taxes due. 4.5. Out-of-Pocket Expenses.Unless otherwise noted within the Agreement,any reasonable direct out-of-pocket expenses incurred by VFA in its performance of Professional Services for Client will be invoiced in addition to any applicable Fees due and owing. These expenses typically include but are not limited to airfare, lodging, employee meals, and sales, use, or similar(VAT,GST)taxes associated with those expenses. 4.6. Compliance/Audit.VFA may audit Client's use of the Services at any time during the Term and at termination.Client(i)acknowledges that the Software includes a License Metric management component that tracks Software usage, and (ii) agrees not to impede, disable, or otherwise undermine operation of such management component. Upon written request, Client shall make available to VFA any records that show Client's compliance with the terms of this Agreement.If such audit determines that Client's use of the Services exceed the usage permitted by the Order Document("Overage"),Client shall pay to VFA:(a)all amounts due for previous and continuing excess use,and(b) the costs resulting from such audit.Any Overages will be assessed and invoiced by VFA. If VFA fails to charge for Overages,such failure to charge is not a waiver of those Overages and VFA retains the right to charge for those Overages.Overages will continue to be invoiced until such time the permitted usage amount is changed to reflect Overages. 4.7. Purchase Orders. In the event that Client requires a Purchase Order in order to process the license or purchase of any VFA-provided services,both parties agree that those services may be suspended or delayed until VFA's receipt of the Purchase Order 5. CONFIDENTIALITY 5.1. Defined.One party("Disclosing Party") may expose or provide to the other party("Receiving Party") Disclosing Party's confidential and proprietary information,including but not limited to information designated as confidential in writing,or information which the Receiving Party should know is confidential and proprietary("Confidential Information").Confidential Information includes, but is not limited to, to the extent permitted by law:the terms and conditions(but not the existence)of the Agreement(subject to Client's responsibilities under the Ralph M. Brown Act, Government Code section 54950 et seq. and the California Public Records Act, Government Code section 6250 et.seq.), all trade secrets, software, source code, object code, specifications, system documentation, business plans, customer lists and customer-related information,confidential financial information,proposals,budgets as well as results of testing and benchmarking of the 2 Software or other services,product roadmap,data and other information of VFA and its licensors relating to or embodied in the Hardware, Software, or Documentation. Placement of a copyright notice on any portion of the Software will not be construed to mean that such portion has been published and will not diminish any claim that such portion contains VFA's Confidential Information.For the avoidance of doubt,VFA's Intellectual Property is Confidential Information. 5.2. Non-Disclosure.The Receiving Party will protect the Disclosing Party's Confidential Information from unauthorized dissemination and will use the same degree of care that it uses to protect its own confidential information,but in no event less than a reasonable amount of care. Neither party will use Confidential Information of the other party for purposes other than those necessary to directly further the purposes of the Agreement. Except as otherwise expressly permitted herein,the Receiving Party shall not disclose Disclosing Party's Confidential Information to any person or entity other than the Receiving Party's officers, or employees who (i) need access to such Confidential Information in order to effect the intent of this Agreement,and(ii) have entered into written confidentiality agreements,or are bound by professional responsibility obligations,which protect the Disclosing Party's Confidential Information sufficient to enable the Receiving Party to comply with its obligations of confidentiality under this Agreement. 5.3. Exceptions.Information shall not be considered Confidential Information to the extent,but only to the extent,that the Receiving Party can establish that such information(i)is or becomes generally known or available to the public through no fault of the Receiving Party;(ii)was in the Receiving Party's possession before receipt from the Disclosing Party; (iii) is lawfully obtained from a third party who is not under any confidentiality obligations and has the right to disclose; or (iv) has been independently developed by the Receiving Party without reference to Disclosing Party's Confidential Information. 5.4. Compelled Disclosure.Receiving Party may disclose Disclosing Party's Confidential Information if it is compelled by law to do so,provided that the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure(to the extent legally permitted)and reasonable assistance,at the Disclosing Party's cost,if the Disclosing Party wishes to contest such disclosure. 5.5. Other Permitted Disclosures. Notwithstanding the foregoing confidentiality obligations,a party may provide a copy of this Agreement to the following persons and/or entities,who are under obligations of confidentiality substantially similar to those set forth in this Agreement: potential acquirers, merger partners, lenders, and investors and to their employees, agents, attorneys, investment bankers, lenders, financial advisors,and auditors in connection with the due diligence review of such party.A party may also provide a copy of this Agreement to the party's outside accounting firm and legal advisors and in connection with any litigation or proceeding relating to this Agreement. 6. LIMITED RIGHTS AND OWNERSHIP 6.1. Reservation of Rights.All rights not expressly granted in the Agreement are reserved by VFA and its Partners.Client acknowledges that:(i) all Software is licensed and not sold;(ii)Client acquires only the right to use the Software,Professional Services,or SaaS Services,and VFA and its Partners shall retain sole and exclusive ownership of and all rights,title,and interest in the Protected Materials,including(whether developed by VFA,Client,or a third party): (a)intellectual property embodied or associated therewith; (b)deliverables and work product associated therewith; (c)all copies and derivative works thereof; and (d)the Protected Materials, including the source and object codes, logic and structure,which constitute valuable trade secrets of VFA and its Partners."Protected Materials"as used herein means Software, Professional Services, or VFA's or its Partners' intellectual property or Confidential Information. Client agrees to secure and protect the Protected Materials consistent with the maintenance of VFA's and its Partners'rights set forth in this Agreement. 6.2. Restrictions. Client shall not itself, or through any Affiliate, employee, consultant, contractor, agent, or other third party: (i) sell, resell, distribute,host,lease,rent,license or sublicense,in whole or in part,the Protected Materials;(ii)decipher,decompile,disassemble,reverse assemble,modify,adapt,translate,reverse engineer or otherwise attempt to make any changes to or derive source code,algorithms,tags, specifications,architecture,structure or other elements from the Protected Materials,in whole or in part,for any purpose;(iii)allow access to, provide,divulge or make available the Protected Materials to any user other than Client's employees who have a need to such access and who shall be bound by a nondisclosure agreement with provisions that are at least as restrictive as the terms of the Agreement; (iv) write or develop any derivative works based upon the Protected Materials; (v)use the Protected Materials to provide processing services to third parties, or otherwise use the same on a 'service bureau' basis; (vi) disclose or publish, without VFA's prior written consent, performance or capacity statistics or the results of any benchmark test performed on the Protected Materials;(vii)allow any access to or use of the Protected Materials by any third party without VFA's prior written consent for any purpose, including but not limited to outsourcing, installation, upgrade and customization services;or(viii)otherwise use or copy the Protected Materials except as expressly permitted herein. 6.3. Enforcement. Client shall (i) ensure that all users of the Software comply with the terms and conditions of the Agreement, (ii) promptly notify VFA of any actual or suspected violation thereof and(iii)cooperate with VFA with respect to investigation and enforcement of the Agreement. 7. PRIVACY. Client represents and warrants that, before providing personal information to VFA or its agents, it will comply with any laws applicable to the disclosure of personal information,including providing notices to or obtaining consent from third parties to allow sharing of their personal information with VFA under the Agreement,as further set forth in Exhibit C.VFA will take reasonable measures to protect the security of such personal information transferred by Client to VFA.VFA is not a creator, user,or recipient of individually identifiable health information or of any other information that qualifies as "Protected Health Information" under the Health Insurance Portability and Accountability Act of 1996("HIPAA")and therefore is not a"business associate"under HIPAA.Neither party to this Agreement contemplates 3 or intends that VFA will be exposed to any Protected Health Information in connection with any of the services or goods to be provided hereunder. 8. CLIENT DATA. 8.1. Client Data.Client retains sole and exclusive ownership to any and all Client Data,and Client shall be responsible for the accuracy,quality, integrity and legality of Client Data and of the means by which it acquired Client Data. 8.2. Copy of Client Data. Upon termination of the applicable SaaS Service, Software, or applicable license (as set forth in Exhibit A), and no longer than 30 days following termination of the Agreement, Client may request in writing a copy of Client Data in a format mutually acceptable to the parties ("Exported Copy"). Provided Client is not in breach of any of its obligations under the Agreement, and upon Client's written request and payment of the applicable Fees(of which a then-current fee schedule will be provided upon request),VFA will provide such Exported Copy. For the avoidance of doubt,Client will have full access to its Client Data throughout the Term;the Exported Copy is applicable only when Client requests that VFA provide Client Data in a certain format. Client acknowledges and agrees that VFA shall have no obligation to maintain Client Data after 30 days from termination. 9. INDEMNIFICATION. 9.1. VFA Indemnification.VFA will indemnify,defend,or hold harmless the Client from any action,suit or proceeding brought against Client by a third party alleging that the SaaS Services used in accordance with this Agreement infringe a third party's intellectual property right ("Claim")and VFA will indemnify Client against all damages and costs finally awarded,or those costs and damages agreed to in a monetary settlement of such action,which are attributable exclusively to such Claim,provided that Client:(i)gives prompt written notice of the Claim to VFA; (ii)gives VFA sole control of the defense and settlement of the Claim (provided that VFA may not settle any Claim against Client unless it unconditionally releases Client of all liability); and (iii) provides VFA, at VFA's expense, with all reasonable information and assistance relating to the Claim and reasonably cooperates with VFA and its counsel.VFA has no obligation to the extent any Claim results from:(1)Partner Software,(2)the combination,operation,or use of the SaaS Services with software or data not provided or approved by VFA,or(3)Client's breach of this Agreement. If it is adjudicated that an infringement of the SaaS Services,by itself and used in accordance with the Agreement, infringes upon any third party intellectual property right, VFA shall, at its option: (i) procure for Client the right to continue using the SaaS Service; (ii) replace or modify the same so it becomes non-infringing;or(iii)terminate the affected SaaS Service and Client's rights thereto and provide Client a refund of the pre-paid but unused portion of the SaaS Service fees paid to VFA for the affected SaaS Service. THIS SECTION STATES VFA'S ENTIRE OBLIGATION TO CLIENT AND CLIENT'S SOLE REMEDY FOR ANY CLAIM OF INFRINGEMENT. 9.2. Client Indemnification.Client will indemnify,defend,or hold harmless VFA from any action,suit,or proceeding brought against VFA by a third party alleging that the Client Data,or Client's use of the SaaS Services in violation of this Agreement,infringes the intellectual property rights of,or has otherwise harmed,a third party,and Client will indemnify VFA against all damages and costs finally awarded or those costs and damages agreed to in a monetary settlement of such action, which are attributable exclusively to such claim, provided that VFA: (i) provides prompt written notice of the claim to Client;(ii)gives Client sole control of the defense and settlement of the claim(provided that Client may not settle any claim unless it unconditionally releases VFA of all liability);and (iii) provides Client,at Client's expense,with all reasonable information and assistance relating to the claim and reasonably cooperates with Client and its counsel.THIS SECTION STATES CLIENT'S ENTIRE OBLIGATION TO VFA AND VFA'S SOLE REMEDY FOR ANY CLAIM FOR INDEMNIFICATION. 10. WARRANTIES. 10.1. Warranties. For 90 days following the acceptance of VFA Software, VFA warrants that (i) the VFA Software will perform materially in conformance with the applicable Documentation and this Agreement; and (ii)the functionality and security of the VFA Software will not materially decrease. 10.2. Remedies.If the services are not performed consistent with the warranty set forth in Section 10.1(i)above,Client shall promptly notify VFA in writing of such claim.As Client's exclusive remedy for any claim under this warranty and provided that such claim is determined by VFA to be VFA's responsibility,VFA shall,within 30 days of its receipt of Client's written notice,(i)re-perform the affected services so that they are conforming; (ii) provide Client with a plan reasonably acceptable to Client for re-performing the affected services;or(iii) if neither(i) nor(ii) can be accomplished with reasonable commercial efforts from VFA, then VFA or Client may terminate the affected service, and Client will be entitled to a refund of the fees paid for the affected service.The preceding warranty cure shall constitute VFA's entire liability and Client's exclusive remedy for breach of the warranty set forth herein. If Client elects not to terminate the applicable service, Client waives all rights for the applicable warranty cure set forth herein. If the SaaS Services are not performed consistent with the warranty set out in Sections 10.1(ii)above,Client shall be entitled to the remedies set out in Sections 12.2(Termination)and 12.3(Termination Refund or Payment Obligations). 10.3. Exclusions.VFA is not responsible for any claimed breach of any warranty set forth in section 10.1 caused by:(i)modifications made to the services by anyone other than VFA or its Partners; (ii)the combination, operation, or use of the services with any items not certified or approved by VFA;(iii)VFA's adherence to Client's specifications or instructions;(iv)errors caused by or related to internet connectivity,(v) Client deviating from the services operating procedures described in the Documentation,or(vi)Partner Software,which is pursuant to the original licensor's warranty,if any. 4 10.4. Partner Software. Client acknowledges that certain SaaS Services may contain Partner Software, and VFA may add and/or substitute functionally equivalent products for any Partner Software in the event of product unavailability, end-of-life, or changes to software requirements.VFA makes no warranty with respect to any Partner Software. 10.5. Disclaimer. EXCEPT AS SET FORTH ABOVE,VFA, ITS LICENSORS,AND ITS SUPPLIERS MAKE NO WARRANTIES OF ANY KIND,AND VFA, ITS LICENSORS,AND ITS SUPPLIERS EXPRESSLY DISCLAIM,TO THE MAXIMUM EXTENT PERMITTED BY LAW,ALL OTHER WARRANTIES,EXPRESS OR IMPLIED, ORAL OR WRITTEN, INCLUDING,WITHOUT LIMITATION, (i)ANY WARRANTY THAT ANY SAAS SERVICES ARE ERROR-FREE OR WILL OPERATE WITHOUT INTERRUPTION, OR THAT ALL ERRORS WILL BE CORRECTED; (ii) ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, (iii) ANY WARRANTY THAT CONTENT AND/OR PARTNER SOFTWARE WILL BE ACCURATE, RELIABLE, AND ERROR-FREE, AND (iv) ANY AND ALL IMPLIED WARRANTIES ARISING FROM STATUTE,COURSE OF DEALING,COURSE OF PERFORMANCE,OR USAGE OF TRADE.NO ADVICE,GUIDANCE,STATEMENT,OR INFORMATION GIVEN BY VFA,ITS AFFILIATES,CONTRACTORS,OR EMPLOYEES SHALL CREATE OR CHANGE ANY WARRANTY PROVIDED HEREIN. 10.6. NOTHING CONTAINED IN THIS SECTION(WARRANTIES)SHALL AIM TO LIMIT ANY LIABILITY TO THE EXTENT PROHIBITED BYLAW. 11. LIMITATION OF LIABILITY 11.1. Limitation of Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, EACH PARTY'S TOTAL LIABILITY (INCLUDING ATTORNEYS FEES AWARDED UNDER THE AGREEMENT)TO THE OTHER FOR ANY CLAIM UNDER THIS AGREEMENT WILL BE LIMITED TO THE FEES PAID FOR THE PRIOR TWELVE(12)MONTHS FOR THE PRODUCT OR SERVICE WHICH IS THE SUBJECT MATTER OF THE CLAIM.NOTWITHSTANDING THE FOREGOING, THE ABOVE LIMITATIONS SHALL NOT APPLY TO CLIENT'S OBLIGATIONS TO PAY VFA ANY AMOUNTS SET FORTH UNDER SECTION 4. FINANCIAL TERMS, OR EITHER PARTY'S INDEMINIFICATION RESPONSIBLITIES SET FORTH IN SECTION 9. 11.2. Exclusion of Indirect and Consequential Damages.IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT,SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE, TREBLE, OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, LOSS OF BUSINESS, REVENUE, PROFITS,STAFF TIME,GOODWILL, USE, DATA,OR OTHER ECONOMIC ADVANTAGE),COST OF REPLACEMENT,WHETHER BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, PRODUCT LIABILITY OR OTHERWISE, WHETHER OR NOT A PARTY HAS PREVIOUSLY BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES 11.3. Time to Bring Action. EXCEPT FOR NON-PAYMENT OF ANY FEES DUE TO VFA, NO CLAIM ARISING OUT OF THE AGREEMENT, REGARDLESS OF FORM, MAY BE BROUGHT MORE THAN THE SHORTER OF: (i)ONE YEAR,OR(ii)THE MINIMUM PERIOD ALLOWED BY LAW AFTER THE CAUSE OF ACTION HAS OCCURRED. 11.4. Damages Prohibited by Law. NOTHING CONTAINED IN THIS SECTION SHALL AIM TO LIMIT ANY LIABILITY TO THE EXTENT PROHIBITED BY LAW. 11.5. Survival.THIS SECTION SHALL SURVIVE FAILURE OF ANY EXCLUSIVE REMEDY. 12. TERM AND TERMINATION 12.1. Agreement Term.The term of this Agreement shall commence on the Effective Date and shall continue in full force and effect until the expiration or termination of all Order Documents,unless otherwise terminated earlier as provided hereunder. 12.2. Termination.Either party may terminate the Agreement,including all Order Documents,immediately upon written notice in the event:(i) that the other party commits a non-remediable,material breach of the Agreement,or if the other party fails to cure any remediable material breach or provide a written plan of cure acceptable to the noticing party within 30 days of being notified in writing of such breach;or(ii) of institution of bankruptcy,receivership,legal insolvency,reorganization,or other similar proceedings by or against the other party under any section or chapter of the United States Bankruptcy Code,as amended,or under any similar laws or statutes of the United States or any state thereof, if such proceedings have not been dismissed or discharged within 30 days after they are instituted;or the legal insolvency of,making of an assignment for the benefit of creditors of,the admittance of any involuntary debts as they mature by,or the institution of any reorganization arrangement or other readjustment of debt plan of either party not involving the United States Bankruptcy Code.Where a party has a right to terminate the Agreement,the terminating party may, at its discretion,either terminate the Agreement in whole or terminate only the applicable Order Document.Order Documents that are not terminated shall continue in full force and effect under the terms of this Agreement. Upon expiration or termination of this Agreement by VFA or Client, Client shall promptly cease all use of the Software and shall either securely destroy or securely transfer, at VFA's sole discretion, all Software, and securely delete existing copies (unless storage of any data is required by applicable law,and if so,Client shall notify VFA of such requirement). 12.3. Termination Refund or Payment Obligations.In the event Client terminates this Agreement pursuant to Section 12.2,VFA shall refund all pre-paid but unused Software fees to Client. Termination of this Agreement by VFA pursuant to Section 12.2 shall not excuse Client's obligation to pay in full any and all amounts due and owing,nor shall such termination result in a refund of Fees paid. 12.4. Survival.The following provisions will survive any termination or expiration of the Agreement:Sections 1,3,4,5,6,8.2,9, 11, 12.3 12.4, and 13. 13. GENERAL PROVISIONS 13.1. Force Majeure.To the extent that a delay or failure to perform all or any part of this Agreement or applicable Order Document is caused, in whole or in part, by events, occurrences, or causes beyond the control and without any negligence on the part of the party seeking protection under this Section, neither party shall have the right to terminate the Agreement or any Order Document, and neither party 5 shall incur any liability to the other party on account of any loss,claim,damage,or liability resulting from such delay or failure to perform. Such events,occurrences,or causes shall include,without limitation,acts of God,acts of government,flood,fire,explosions,earthquakes, civil unrest, acts of war, acts of terrorism, epidemics, pandemics, strikes, lockouts, riots or other labor problems, computer, telecommunications, Internet service provider or hosting facility failures or delays involving hardware, software or power systems not within VFA's possession or reasonable control, and denial of service attacks ("Force Majeure Events"). Dates by which performance obligations are scheduled to be met will be extended for a period of time equal to the time lost due to any delay so caused,however,either party may terminate the Agreement or an Order Document due to a Force Majeure Event extending beyond 90 days. 13.2. Assignment. In the event of a Change of Control,either party may assign this Agreement in its entirety(including all Order Documents)to its parent company or other affiliated company.In the event such assignment is not subject to the foregoing,neither party may assign the Agreement or any of its rights and obligations herein without the other party's prior written consent (which shall not be unreasonably withheld).In the event of an assignment due to a Change of Control,VFA will have the right to:(i)adjust the costs set forth in the Agreement in order to reflect any change to the Software and/or services;and(ii)invoice additional Fees for the transition of Software and/or services to the new Client party. 13.3. Notice of U.S.Government Restricted Rights. If the Client hereunder is the U.S.Government,or if the Software is acquired hereunder on behalf of the U.S. Government with U.S. Government federal funding, notice is hereby given that the Software is commercial computer software and documentation developed exclusively at private expense and are furnished as follows: "U.S. GOVERNMENT RESTRICTED RIGHTS. Software and the Protected Rights delivered subject to the FAR 52.227-19. All use, duplication and disclosure of the Software and/or the Protected Rights by or on behalf of the U.S. Government shall be subject to this Agreement and the restrictions contained in FAR 52.227-19,Commercial Computer Software License-(December 2007)". 13.4. Export. Client shall fully comply with all relevant and applicable export laws and regulations of the United States to ensure that (i) the Software and/or Protected Rights are not exported,directly or indirectly,in violation of United States law,export embargo,prohibition,or restriction,and(ii)no Software is accessed or used in violation of any United States law,export embargo,prohibition,or restriction. 13.5. Non-Solicitation. During the term of this Agreement, and for a period of one year following its termination, neither party will solicit for employment, directly or through other parties,without the other party's written permission,any individual employed by the other party that is involved in the performance of this Agreement,provided however that the solicitation or hiring of individuals responding to general public marketing and recruiting advertisements and events shall not be a violation of this provision; only active, targeted solicitation is prohibited. 13.6. Equal Opportunity Employer.VFA's employment decisions are not based on an employee's race, color, religion or belief, national,social or ethnic origin,sex(including pregnancy),age,physical,mental,or sensory disability,HIV status,sexual orientation,gender identity and/or marital, civil union, or domestic partnership status, past or present military service, medical or genetic information, family or parental status,or any other status protected by the laws or regulations in the locations where we operate. 13.7. Notices.Any notice sent pursuant to this Agreement shall be delivered (i) by hand, overnight courier, or registered mail, return receipt requested, to the address of the parties set forth in the Agreement, or to such other address of the parties designated in writing in accordance with this subsection,or(ii)by e-mail to legal@gordian.com. 13.8. Relationship. This Agreement does not and is not intended to create a partnership, franchise, joint venture, agency, or a fiduciary or employment relationship. Neither party may bind the other party or act in a manner which expresses or implies a relationship other than that of independent contractor. 13.9. Marketing.Client agrees to allow VFA to list Client's name and logo on the Gordian website,which will be listed no more prominently than any other client.Upon Client's prior written consent,Client agrees to allow VFA to publish one press release announcing Client's selection of VFA,which will not be published without Client's prior consent(which consent shall not be unreasonably withheld). 13.10. Invalidity.If any provision of the Agreement shall be held to be invalid,illegal,or unenforceable,the validity,legality,and enforceability of the remaining provisions shall not in any way be affected or impaired. 13.11. No Waiver.Any waiver of the provisions of this Agreement,or of a party's rights or remedies under the Agreement, must be in writing to be effective.Any such waiver shall constitute a waiver only with respect to the specific matter described in such writing and shall in no way impair the rights of the party granting such waiver in any other respect or at any other time.The waiver by either of the parties of a breach or of a default under any of the provisions of the Agreement shall not be construed as a waiver of any other breach or default of a similar nature, or as a waiver of any of such provisions, rights,or privileges hereunder.The rights and remedies provided under this Agreement are cumulative and none is exclusive of any other, or of any rights or remedies that any party may otherwise have at law or in equity. Failure,neglect,or delay by a party to enforce the provisions of the Agreement or its rights or remedies at any time,shall not be construed and deemed to be a waiver of such party's rights under the Agreement and shall not in any way affect the validity of the whole or any part of the Agreement or prejudice such party's right to take subsequent action. 13.12. No Third-Party Beneficiaries.This Agreement is for the benefit of the parties and their successors,permitted assigns,and does not confer any rights or benefits on any third party,including any employee,client,or employee of a client or a party.Notwithstanding the above,the parties acknowledge that all rights and benefits afforded to VFA under the Agreement shall apply equally to the owner of the Partner Software with respect to the Partner Software,and such third party is an intended third-party beneficiary of the Agreement,with respect to the Partner Software. 13.13. Governing Law and Venue.The Agreement shall be governed by and construed in accordance with the laws of the State of California without giving effect to its principles of conflict of laws.Any dispute shall be litigated in the state or federal courts located in the State of 6 California to whose exclusive jurisdiction the parties hereby consent. For purposes of establishing jurisdiction in California under this Agreement,each party hereby waives,to the fullest extent permitted by applicable law,any claim that:(i)it is not personally subject to the jurisdiction of such court; (ii) it is immune from any legal process with respect to it or its property; and (III) any such suit, action, or proceeding is brought in an inconvenient forum. Venue for any action arising out of or related to this Agreement shall only be in Fresno County,California.The parties agree that this contract is not a contract for the sale of goods and shall not be governed by any codification of Article 2 or 2A of the Uniform Commercial Code or the Uniform Computer Information Technology Act,or any references to the United National Convention on Contracts for the International Sale of Goods. 13.14. Drafting.The Agreement shall not be construed in favor of or against a parry based on the author of the document. 13.15. Counterparts.The Agreement may be executed in one or more counterparts,each of which shall constitute an enforceable original of the Agreement,and that facsimile,electronically or digitally signed,and/or PDF-scanned copies of signatures shall be as effective and binding as original signatures. 13.16. Insurance.VFA and each of its subsidiaries are insured by insurers of recognized financial responsibility against losses and risks in amounts that VFA's management believes to be prudent and customary in the businesses and industries in which they are engaged.Neither VFA nor its subsidiaries have been denied insurance coverage and neither VFA nor its subsidiaries have any reason to believe that it will be unable to:(i)renew its existing insurance coverage when such coverage expires,or(ii)obtain similar coverage as may be necessary to continue its business and not adversely affect the condition,earnings,business,or operations of VFA and its subsidiaries.Relevant insurance coverage information will be provided to Client through the Due Diligence Package(defined below). 13.17. Due Diligence Package.Upon request,but no more than once per year,VFA shall provide to Client a package with information relevant to the services being licensed and/or purchased, including compliance reports, audit reports, certification reports, standard insurance certificates,and relevant VFA policies("Due Diligence Package").The Due Diligence Package is VFA's Confidential Information. IN WITNESS WHEREOF,the duly authorized representatives of the parties agree to the terms and conditions of this Agreement. VFA, INC. County of Fresno Sign: � 's Sign: 1L. 01 Print Name: Angela S Michelini Print Name: Sriar'l PQGheC© Title: VP,Legal&Gov't Affairs Title: GharrMa 0 Date: 2-18-2022 Date: ATTEST: BERNICE E.SEIDEL Clerk of the Board of Supervisors County of Fresno,State of California By_ Deputy 7 Exhibit A: SaaS-Specific Terms and Conditions 1. SaaS SERVICES LICENSE.Subject to the terms of this Agreement,VFA grants to Client and its Affiliates,for the Term of each Order Document, the non-exclusive,non-assignable,royalty-free,and worldwide right to access and use the SaaS Services set forth in such Order Document for Client's internal business purposes. Purchased SaaS Services may be accessed by Client and used to manage the License Metrics specified in the Order Document.Client may purchase additional License Metrics,subject to an additional Order Document at the then-current price in effect,prorated for the remainder of the then-current term of such Order Document.The term of the added License Metrics will be concurrent with the term of the Order Document.Fees are based on SaaS Services and License Metrics purchased,and not actual usage. 1.1. SaaS Environment. Client is responsible for obtaining and maintaining, at its own expense, all equipment needed to access the SaaS Services,including but not limited to Client's internet access. 1.2. Support Services.Subject to Client's payment of applicable Fees,VFA will provide to Client the Support services applicable to each SaaS Service purchased. 1.3. Backups and Restoration Services.Provided Client is not otherwise in breach of the Agreement,and upon written request and subject to Client's payment of applicable Fees (for which a then-current fee schedule will be provided upon request), VFA will perform database restoration services. 1.4. Passwords;Security.Client and its users are in control of the creation and dissemination of passwords.As such,Client will be responsible for(i)maintaining the confidentiality of all passwords and for ensuring that each password is used only by the authorized user,and(ii)any and all activities that occur under Client's account.Client agrees to immediately notify VFA of any unauthorized use of Client's account or any other breach of security known to Client.VFA shall have no liability for any loss or damage arising from Client's failure to comply with these requirements.VFA will maintain Client passwords as confidential and will not disclose them to third parties. 2. SECURITY. 2.1. Data Location. VFA will maintain the SaaS Services either at an VFA location or through a reputable Partner, where it is subject to commercially reasonable security precautions. Such precautions shall comply with industry standards for the type of information maintained and shall include, but not be limited to, procedures and measures to prevent unauthorized access to the SaaS Services and unauthorized use of and/or modification of Client Data.Notwithstanding such security precautions,and in no way diminishing or revoking VFA's security obligations herein,Client acknowledges that use of or connection to the Internet provides the opportunity for unauthorized third parties to circumvent such precautions and illegally gain access to the SaaS Services. 2.2. Disaster Recovery. In the event a disaster is declared,VFA will initiate the Disaster Recovery Plan and shall use commercially reasonable efforts to restore the SaaS environment in accordance with VFA's recovery time objectives. 2.3. Data Breach.Upon becoming aware of or suspecting a breach or potential breach of Client Data,including but not limited to unauthorized or unlawful processing of,disclosure of,access to,destruction of,loss of,alteration to,or corruption of Client Data ("Data Breach"),Client must immediately notify VFAVFA in writing.Client's notification must include any relevant information relating to the Data Breach.Such information may include,but is not limited to,the nature of the Data Breach,the nature of the Client Data affected,the categories and number of users concerned,the number of Client Data records concerned,measures taken to address the Data Breach and the possible consequences and adverse effect of the Data Breach.To the extent possible,Client must maintain a log of the Data Breach,including facts,effects,and remedial action taken.Upon becoming aware of a Data Breach, VFAVFA must notify Client in writing within 72 hours following the discovery of the Data Breach.In the event that such Data Breach is determined by VFAVFA to be VFAVFA's responsibility,it will,at its own cost,take all steps to restore,re-constitute,or reconstruct any Client Data which is lost,damaged,destroyed,altered,or corrupted as a result of a Data Breach,with as much urgency as VFAVFA would perform if it were its own data,and shall provide Client with all reasonable assistance in respect of any such Data Breach. 3. ACCEPTABLE USE.Client acknowledges and agrees that VFA does not monitor or police the content of Client's or its users'communications or data transmitted through the SaaS Services, and that VFA shall not be responsible for the content of any such communications or transmissions. Client shall use the SaaS Services exclusively as authorized in this Agreement and pursuant to all applicable laws and regulations.Client agrees not to post or upload any content or data which(i)contains Malicious Code;(ii)violates the rights of others,such as data which infringes on any intellectual property rights or violates any right of privacy or publicity;or(iv)otherwise violates any applicable law or regulation. Client further agrees not to interfere or disrupt networks connected to the SaaS Services, not to interfere with another entity's use and enjoyment of similar services and to comply with all regulations,policies and procedures of networks connected to the SaaS Services.VFA may remove any violating content posted on the SaaS Services and/or training services or transmitted through the SaaS Services, without notice to Client.Upon notice provided to Client,VFA may suspend or terminate any user's access to the SaaS Services as determined necessary to protect the security or functionality of the VFA system,or in the event that VFA reasonably determines that such user has violated the terms and conditions of this Agreement. 8 4. TERM.SaaS Services commence on the date specified in the Order Document and continue for the term set forth therein (`Initial Term"). Following the end of the Initial Term, SaaS Services shall automatically renew for 12 months (a "Renewal Term") unless either Party gives written notice 60 days prior to the end of the Initial Term, or any Renewal Term, of its intention to terminate the SaaS Service, or unless agreed to otherwise by the parties in writing.Any proposed change to pricing or terms for a Renewal Term shall be provided by VFA in writing no less than 90 days prior to the end of the Initial Term or any Renewal Term.The Initial Term and Renewal Terms are collectively referred to as the"Term." 9 Exhibit B: Professional Services 1. Defined Terms. 1.1. "Change Control" is defined as the process by which requests for changes in deliverables, responsibilities, resources or project schedule are properly recorded,evaluated,distributed and incorporated into the SOW.Change Control process will be defined by Client and VFA as part of project planning. 1.2. "Change Order" is defined as a document which captures any and all alterations to this SOW with regard to changes in deliverables, responsibilities,resources,Term Information or Services Fees. 1.3. "Notification Period" is defined as the period of time in which the Client must notify VFA of material nonconformance with services provided herein. 1.4. "Statement of Work"or"SOW" is defined as the project document attached hereto or that references this Agreement and defines the scope of professional services to be provided. 2. Changes to Scope and/or Schedule. If at any time either party does not meet deadlines outlined within the agreed upon project schedule, Client and VFA both agree and acknowledge the following may occur:(1) Project Schedule will be revised to accommodate any delays,and a new, mutually agreed upon schedule will be drafted by the VFA project manager and signed by appropriate Client and VFA representatives, (2)If delays are extensive,project resources will be reallocated to other engagements.(3)Fees for additional work or extension of resources may be incurred 2.1. During the course of the project,if VFA determines or could reasonably determine any Client actions or direction constitute a requirement to perform additional work,not otherwise specified herein,VFA shall notify Client within 30 days that Client has requested VFA to perform additional work. 2.2. VFA agrees and acknowledges that it waives the right to request reimbursement for work already performed if VFA fails to notify Client of the requirement to perform additional work.VFA will complete a Change Order containing the changes to the project, project schedule, deliverables and/or Services and Fees contained in this SOW.Client may request up to 10 business days to determine whether to execute the Change Order. After the 10 business days,the terms of the Change Order may be subject to change depending upon availability of resources,impact to project schedule or severity of impact on existing activities. 3. Costs. Unless otherwise expressly stated in the applicable SOW,Professional Services shall be provided on a time and materials("T&M")basis. On a T&M engagement,the T&M rates will be the rates set forth in the SOW,except that if the SOW does not state the applicable T&M rates, then VFA's standard T&M rates in effect at the time the SOW is entered into will apply.Furthermore,if an estimated total amount is stated in the applicable SOW,that amount is solely a good faith estimate for Client's budgeting and VFA's resource scheduling purposes and not a guarantee that the work will be completed for that amount.If Client wishes the VFA personnel to perform on Client's site,Client agrees it shall give VFA at least two(2)weeks'prior notice so VFA can make appropriate travel arrangements. 4. Travel and Expense. 4.1. VFA will provide notice of any requested travel that will occur on a non-business day(weekend or holiday) 4.2. VFA will provide services via phone, internet, and email or otherwise remotely from the VFA premises unless otherwise stated in the relevant SOW. 4.3. In the event Client cancels or reschedules any on-site engagement with VFA Consultant(s)with less than 15 business days lead time but more than 7 business days, VFA will invoice Client and Client will pay for 50% of the cancellation and/or change fees associated with rebooking travel and arrangement.In the event Client cancels or reschedules any VFA resource(s)with less than 7 business days lead time, VFA will invoice Client and Client will pay for 100%of the associated fee. 4.4. If applicable, travel time is calculated as the time between departure from VFA premises, local airport or home office and arrival at destination address,as determined by both Parties prior to departure,or destination airport. 5. Project Close.The Notification Period prior to the closure of the project is 10 business days from the date that VFA provides written notice to Client that states the delivery of services is complete.In the event Client does not provide notice of material nonconformance or request for change during Notification Period, the project will be closed, and no additional work will be performed by VFA pursuant to the services contained herein. In the event Client does provide notice of material nonconformance or request for change after the expiration of Notification Period, such work shall only be performed under a new contractual arrangement. In the event material non-conformance is identified within the Notification Period,VFA shall promptly correct such non-conformance,which was due to fault or negligence of VFA,at no additional cost to Client. 10 6. Cooperation.Client shall provide VFAVFA with commercially reasonable cooperation and access to such information,facilities,personnel and equipment as may be reasonably required by VFA in order to provide the Professional Services,including,but not limited to,providing security access,information,and software interfaces to Client's applications,and Client personnel,as may be reasonably requested by VFA from time to time.Client acknowledges and agrees that VFA performance is dependent upon the timely and effective satisfaction of Client's responsibilities hereunder and timely decisions and approvals of Client in connection with the Professional Services.VFA shall be entitled to rely on all decisions and approvals of Client. 7. Client Data.Client's data shall be provided to VFA in a format approved by VFA or additional charges will apply.Client is responsible for the accuracy and completeness of its information and Client Data.VFA's performance is dependent on Client's timely provision of accurate and complete resources and information,including but not limited to detailed,precise and clear specifications for any deliverables. 11 Exhibit C: Data Access and Rights 1. COLLECTION AND OWNERSHIP.Client acknowledges that data regarding its use of the Software("Usage Data")may be collected from one or more sensors,Internet of Things(IoT)devices,or other data gathering equipment installed or located on Client's premises(collectively"Devices"), including location(s)owned,occupied,or otherwise under control of Client. If Client has ownership rights to one or more of the Devices,Client owns and retains full access and rights to the Usage Data,or if resold by a field service provider the end user acquires full access and rights as a licensor(and be classified as"Licensor"herein).If VFA owns one or more of the Devices,notwithstanding the Devices being located on Client's premises,VFA shall own and retain full access and rights to the Usage Data. 2. USE AND ACCESS.Each of the parties shall have access to the other party's Usage Data. However,for avoidance of doubt,VFA may not,either directly or indirectly,sell or share VFA-owned Usage Data with any third parties without the prior express written consent of Client.Client may sell or share Client-owned Usage Data to third parties without the consent of VFA. Unless mutually agreed upon by the parties,in no event may a party sell or share data owned by the other party to or with any third party.VFA's use of the Usage Data shall primarily be for purposes of improving the Services. 3. LICENSE GRANT.Client grants to VFA a non-exclusive, royalty free license,to use any data and information that Client provides,generates, transfers, or makes available to VFA for purposes of performing its obligations under the Agreement,as well as to generate Resultant Data for product improvement, product development, and other business purposes. Any such data and information provided, generated, transferred,or made available to VFA by Client shall be anonymized and aggregated by VFA prior to use for any of its purposes described in this Section 3. 4. RESULTANT DATA.Client hereby agrees that VFA and its successors and assigns may collect,use,publish,disseminate,sell,transfer,and otherwise exploit the collected Usage Data only if such data(i)has been anonymized by VFA or its designee;or(ii)is aggregated with Usage Data from other Clients. For the avoidance of doubt,such anonymized and aggregated Usage Data will be considered a part of Resultant Data as set forth in the Agreement.Resultant Data is used by VFA to compile statistical,performance information for creation and development of products,product improvements,product creation,and product marketing.VFA is the sole owner of all right,title,and interest in and to Resultant Data and any conclusions,impressions,understandings,insights,process improvements,or other information derived,extracted,or otherwise obtained by VFA from Resultant Data,and the Resultant Data shall be owned exclusively by VFA with all rights thereto,which shall be deemed VFA's Intellectual Property for purposes of this Agreement. 5. COMBINATION. Resultant Data and data obtained from other sources may be combined ("Combined Data")either by VFA or by a third-party data analysis vendor and stored either at an VFA-controlled repository or a third-party repository in any form of structured,raw,or other data format.Combined Data in any form may be used by VFA for any lawful purpose.VFA is the sole owner of all right,title,and interest in and to the Combined Data and any analytics generated from the Combined Data,including the right to collect,use,publish,disseminate,sell,transfer,and otherwise exploit the Combined Data and analytics,which shall be deemed VFA's Intellectual Property for purposes of this Agreement. 6. TRANSPORT,SECURITY,AND STORAGE.Except for data collected and transported directly from a sensor,Combined Data may be transported by VFA to a remote or third-party vendor site.VFA shall take steps to ensure transport of the data is secure,including the use of various encryption technologies and other security measures. Further security shall include maintaining adequate physical controls and password protections for any server or system on which data is stored,and any other measures reasonably necessary to prevent any use or disclosure of data other than as allowed under this Agreement. 7. AFFILIATION.Client hereby agrees that in the event VFA is divested,sold,separated,or otherwise no longer affiliated with,or under common control of,its parent company,a copy of all data including Resultant Data shall remain with the parent company along with all the same rights, title and obligations as VFA set forth herein. 12 Exhibit D: California Consumer Privacy Act Data Processing Provisions These CCPA Data Processing Provisions(the"CCPA Provisions")set forth the terms and conditions relating to compliance with the California Consumer Privacy Act of 2018,Cal.Civil Code§1798.100 et seq.,("CCPA")and related regulations,as may be amended from time to time.The CCPA Provisions shall only apply and bind the Parties if and to the extent Client is a Business under the CCPA.These CCPA Provisions prevail over any conflicting terms of the Agreement,but does not otherwise modify the Agreement.All capitalized terms used in these CCPA Provisions that are not otherwise defined herein or in the Agreement shall have the meanings set forth in the CCPA. 1. VFA shall process Personal Information only as necessary for the purposes of performing the services under this Agreement on behalf of Client. VFA shall not(i) sell any Personal Information received from Client; or(ii) retain, use, or disclose the Personal Information provided by or collected on behalf of Client for any purpose other than for the specific purpose of performing the services specified in the Agreement,including retaining,using,or disclosing the Personal Information for a commercial purpose other than providing the services specified in this Agreement. 2. VFA shall not respond to any requests related to Personal Information processed on behalf of Client other than to inform the requestor that VFA is not authorized to directly respond to a request,and recommend the requestor submit the request directly to Client. 13 Attachment B SELF-DEALING TRANSACTION DISCLOSURE FORM In order to conduct business with the County of Fresno (hereinafter referred to as "County'), members of a contractor's board of directors (hereinafter referred to as "County Contractor"), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self-dealing transaction is defined below: "A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest" The definition above will be utilized for purposes of completing this disclosure form. INSTRUCTIONS (1) Enter board member's name,job title (if applicable), and date this disclosure is being made. (2) Enter the board member's company/agency name and address. (3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a. The name of the agency/company with which the corporation has the transaction; and b. The nature of the material financial interest in the Corporation's transaction that the board member has. (4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. (5) Form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). Paged (1)Company Board Member Information: Name: Date: Job Title: (2)Company/Agency Name and Address: (3)Disclosure(Please describe the nature of the self-dealing transaction you are a party to): (4)Explain why this self-dealing transaction is consistent with the requirements of Corporations Code 5233(a): (5)Authorized Signature Signature: Date: Page12 Attachment C 1 A. Definitions. 2 Capitalized terms used in this Attachment C have the meanings set forth in this section A. 3 "Authorized Employees" means CONTRACTOR's employees who have access to Personal 4 Information. 5 "Authorized Persons" means: (i) any and all Authorized Employees; and (ii) any and all of 6 CONTRACTOR's subcontractors, representatives, agents, outsourcers, and consultants, and providers of 7 professional services to CONTRACTOR, who have access to Personal Information and are bound by law 8 or in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the 9 terms of this Attachment C. 10 "Director" means COUNTY's Director of Internal Services-Chief Information Officer or his or her 11 designee. 12 "Disclose" or any derivative of that word means to disclose, release, transfer, disseminate, or 13 otherwise provide access to or communicate all or any part of any Personal Information orally, in writing, or 14 by electronic or any other means to any person. 15 "Person" means any natural person, corporation, partnership, limited liability company, firm, or 16 association. 17 "Personal Information" means any and all information, including any data, identified in the SOW 18 as necessary to be provided, or to which access is necessary to be provided, to CONTRACTOR by or upon 19 the authorization of COUNTY, under this Agreement in order for CONTRACTOR to properly perform the 20 services, which may include but is not limited to vital records, that: (i) identifies, describes, or relates to, or is 21 associated with, or is capable of being used to identify, describe, or relate to, or associate with, a person 22 (including, without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e- 23 mail addresses, education, financial matters, employment history, and other unique identifiers, as well as 24 statements made by or attributable to the person); (ii) is used or is capable of being used to authenticate a 25 person (including, without limitation, employee identification numbers, government-issued identification 26 numbers, passwords or personal identification numbers (PINs), financial account numbers, credit report 27 information, answers to security questions, and other personal identifiers); or is personal information within 28 the meaning of California Civil Code section 1798.3, subdivision (a), or 1798.80, subdivision (e). Personal C-1 1 Information does not include publicly available information that is lawfully made available to the general 2 public from federal, state, or local government records. 3 "Privacy Practices Complaint" means a complaint received by COUNTY relating to 4 CONTRACTOR's (or any Authorized Person's) privacy practices, or alleging a Security Breach. Such 5 complaint shall have sufficient detail to enable CONTRACTOR to promptly investigate and take remedial 6 action under this Attachment C. 7 "Security Safeguards" means physical, technical, administrative or organizational security 8 procedures and practices put in place by CONTRACTOR (or any Authorized Persons)that relate to the 9 protection of the security, confidentiality, value, or integrity of Personal Information. Security Safeguards 10 shall satisfy the minimal requirements set forth in subsection C.(5) of this Attachment C. 11 "Security Breach" means (i) any act or omission that compromises either the security, 12 confidentiality, value, or integrity of any Personal Information or the Security Safeguards, or(ii) any 13 unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or 14 damage to, any Personal Information. 15 "Use" or any derivative thereof means to receive, acquire, collect, apply, manipulate, employ, 16 process, transmit, disseminate, access, store, disclose, or dispose of Personal Information. 17 B. Standard of Care. 18 (1) CONTRACTOR acknowledges that, in the course of its engagement by COUNTY under this 19 Agreement, CONTRACTOR, or any Authorized Persons, may Use Personal Information only as permitted 20 in this Agreement. 21 (2) CONTRACTOR acknowledges that Personal Information is deemed to be confidential 22 information of, or owned by, COUNTY (or persons from whom COUNTY receives or has received Personal 23 Information) and is not confidential information of, or owned or by, CONTRACTOR, or any Authorized 24 Persons. CONTRACTOR further acknowledges that all right, title, and interest in or to the Personal 25 Information remains in COUNTY (or persons from whom COUNTY receives or has received Personal 26 Information) regardless of CONTRACTOR's, or any Authorized Person's, Use of that Personal Information. 27 (3) CONTRACTOR agrees and covenants in favor of COUNTY that CONTRACTOR shall: (i) keep 28 and maintain all Personal Information in strict confidence, using such degree of care under this Subsection C-2 1 B as is reasonable and appropriate to avoid a Security Breach; (ii) Use Personal Information exclusively for 2 the purposes for which the Personal Information is made accessible to CONTRACTOR pursuant to the 3 terms of this Attachment C; (iii) not Use, Disclose, sell, rent, license, or otherwise make available Personal 4 Information for CONTRACTOR's own purposes or for the benefit of anyone other than COUNTY, without 5 COUNTY's express prior written consent, which the COUNTY may give or withhold in its sole and absolute 6 discretion; and (iv) not, directly or indirectly, Disclose Personal Information to any person (an "Unauthorized 7 Third Party") other than Authorized Persons pursuant to this Agreement, without the Director's express prior 8 written consent. 9 Notwithstanding the foregoing paragraph, in any case in which CONTRACTOR believes it, or any 10 Authorized Person, is required to disclose Personal Information to government regulatory authorities, or 11 pursuant to a legal proceeding, or otherwise as may be required by applicable law, Contractor shall (a) 12 immediately notify COUNTY of the specific demand for, and legal authority for the disclosure, including 13 providing County with a copy of any notice, discovery demand, subpoena, or order, as applicable, received 14 by CONTRACTOR, or any Authorized Person, from any government regulatory authorities, or in relation to 15 any legal proceeding, and (b) promptly notify COUNTY before such Personal Information is offered by 16 CONTRACTOR for such disclosure so that COUNTY may have sufficient time to obtain a court order or 17 take any other action COUNTY may deem necessary to protect the Personal Information from such 18 disclosure, and CONTRACTOR shall cooperate with COUNTY to minimize the scope of such disclosure of 19 such Personal Information. 20 CONTRACTOR shall remain liable to COUNTY for the actions and omissions of any Unauthorized 21 Third Party concerning its Use of such Personal Information as if they were CONTRACTOR's own actions 22 and omissions. 23 C. Information Security. 24 (1) CONTRACTOR covenants, represents and warrants to COUNTY that Contractor's Use of 25 Personal Information under this Agreement does and shall at all times comply with all federal, state, and 26 local, privacy and data protection laws, as well as all other applicable regulations and directives, including 27 but not limited to California Civil Code, Division 3, Part 4, Title 1.81 (beginning with section 1798.80), and 28 the Song-Beverly Credit Card Act of 1971 (California Civil Code, Division 3, Part 4, Title 1.3, beginning with C-3 1 section 1747), to the extent as such laws, regulations and directives apply to CONTRACTOR. 2 (2) CONTRACTOR covenants, represents and warrants to COUNTY that, as of the Effective Date, 3 CONTRACTOR has not received notice of any violation of any privacy or data protection laws, as well as 4 any other applicable regulations or directives, and is not the subject of any pending legal action or 5 investigation by, any government regulatory authority regarding same. 6 (3) Without limiting CONTRACTOR's obligations under subsection C.(1) of this Attachment C, 7 CONTRACTOR's (or Authorized Person's) Security Safeguards with respect to the Personal Information 8 shall be no less rigorous than accepted industry practices and, at a minimum, include the following: (i) 9 limiting Use of Personal Information strictly to CONTRACTOR's and Authorized Persons' technical and 10 administrative personnel who are necessary for the CONTRACTOR's, or Authorized Persons', Use of the 11 Personal Information pursuant to this Agreement; (ii) ensuring that all of CONTRACTOR's connectivity to 12 County computing systems will only be through COUNTY's security gateways and firewalls, and only 13 through security procedures permitted under the SOW or otherwise approved upon the express prior 14 written consent of the Director; (iii)to the extent that they contain or provide access to Personal Information, 15 (a) taking reasonable measures to secure CONTRACTOR's business facilities, data centers, paper files, 16 servers, back-up systems and computing equipment, operating systems, and software applications, 17 including, but not limited to, all mobile devices and other equipment, operating systems, and software 18 applications with information storage capability (collectively, "Contractor Facilities and Equipment"); (b) 19 employing adequate controls and data security measures with respect to Contractor Facilities and 20 Equipment), both internally and externally, to protect (1)the Personal Information from potential loss or 21 misappropriation, or unauthorized Use, and (2)the COUNTY's operations from disruption and abuse; (c) 22 having and maintaining reasonable network, device application, database and platform security; (d) 23 maintaining authentication and access controls within media, computing equipment, operating systems, 24 and software applications; and (e) installing and maintaining in all mobile, wireless, or handheld devices a 25 secure internet connection, having continuously updated anti-virus software protection and a remote wipe 26 feature always enabled in accordance with CONTRACTOR's then-current security policies; (iv) encrypting 27 all Personal Information at advance encryption standards of Advanced Encryption Standards (AES) of 128 28 bit or higher(a) stored on any mobile devices, including but not limited to hard disks, portable storage C-4 1 devices, or remote installation, or(b) transmitted over public or wireless networks (the encrypted Personal 2 Information must be subject to password or pass phrase, and be stored on a secure server and transferred 3 by means of a Virtual Private Network (VPN) connection, or another type of secure connection, all of which 4 is subject to express prior written consent of the Director); (v) strictly segregating Personal Information from 5 all other information of CONTRACTOR, including any Authorized Person, or anyone with whom 6 CONTRACTOR or any Authorized Person deals so that Personal Information is not commingled with any 7 other types of information; (vi) having a patch management process including installation of all operating 8 system/software vendor security patches; (vii) maintaining appropriate personnel security and integrity 9 procedures and practices, including, but not limited to, conducting background checks of Authorized 10 Employees consistent with applicable law; and (viii) providing appropriate privacy and information security 11 training to Authorized Employees. 12 (4) During the term of each Authorized Employee's employment by CONTRACTOR, 13 CONTRACTOR shall require such Authorized Employees to abide strictly by CONTRACTOR's obligations 14 under this Attachment C. CONTRACTOR further agrees that it shall maintain a disciplinary process to 15 address any unauthorized Use of Personal Information by any Authorized Employees. 16 (5) CONTRACTOR shall, in a secure manner, backup daily, or more frequently if it is 17 CONTRACTOR's practice to do so more frequently, Personal Information received from COUNTY, and the 18 COUNTY shall have immediate, real time access, at all times, to such backups via a secure, remote access 19 connection provided by CONTRACTOR, through the Internet. 20 (6) If required pursuant to the SOW or otherwise agreed in a change order, and subject to any 21 additional terms set forth therein, CONTRACTOR shall provide COUNTY with the name and contact 22 information for each Authorized Employee (including such Authorized Employee's work shift, and at least 23 one alternate Authorized Employee for each Authorized Employee during such work shift) who shall serve 24 as COUNTY's primary security contact with CONTRACTOR and shall be available to assist COUNTY 25 twenty-four (24) hours per day, seven (7) days per week as a contact in resolving CONTRACTOR's and 26 any Authorized Persons' obligations associated with a Security Breach or a Privacy Practices Complaint. 27 (7) CONTRACTOR shall not knowingly include or authorize any Trojan Horse, back door, time 28 bomb, drop dead device, worm, virus, or other code of any kind that may disable, erase, display any C-5 1 unauthorized message or otherwise impair the System Software, with or without the intent to cause harm. 2 D. Security Breach Procedures. 3 (1) Promptly, and without undue delay, upon CONTRACTOR's confirmation of a Security Breach, 4 CONTRACTOR shall (a) notify the Director of the Security Breach, such notice to be given first by 5 telephone at the following telephone number, followed promptly by email at the following email address: 6 (559) 600-6200/servicedesk@fresnocountyca.gov (which telephone number and email address COUNTY 7 may update by providing notice to CONTRACTOR), and (b) preserve all relevant evidence (and cause any 8 affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The 9 notification shall include, to the extent reasonably possible, the identification of each type and the extent of 10 Personal Information that has been, or is reasonably believed to have been, breached, including but not 11 limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or 12 destruction, corruption, or damage. 13 (2) Immediately following CONTRACTOR's notification to COUNTY of a Security Breach, as 14 provided pursuant to subsection D.(1) of this Attachment C, the Parties shall coordinate with each other to 15 investigate the Security Breach. CONTRACTOR agrees to reasonably cooperate with COUNTY (the cost 16 to be split by both parties, unless the Security Breach was caused by CONTRACTOR'S material failure to 17 comply with its obligation under this Attachment C, in which case it shall be at CONTRACTOR's expense), 18 including, without limitation: (i) assisting COUNTY in conducting any investigation; (ii) providing COUNTY 19 with physical access to the facilities and operations affected; (iii)facilitating interviews with Authorized 20 Persons and any of CONTRACTOR's other employees knowledgeable of the matter; and (iv) making 21 available all relevant records, logs, files, data reporting and other materials required to comply with 22 applicable law, regulation, industry standards, or as otherwise reasonably required by COUNTY. To that 23 end, CONTRACTOR shall, with respect to a Security Breach caused by CONTRACTOR'S material failure 24 to comply with its obligations under this Attachment C, be solely responsible, at its cost, for all notifications 25 required by law and regulation, and CONTRACTOR shall provide a written report of the investigation and 26 reporting required to the Director within thirty (30) days after the CONTRACTOR's discovery of the Security 27 Breach. 28 (3) County shall promptly notify CONTRACTOR of the Director's knowledge, or reasonable belief, of C-6 1 any Privacy Practices Complaint, and upon CONTRACTOR's receipt of notification thereof, 2 CONTRACTOR shall promptly address such Privacy Practices Complaint, including taking any corrective 3 action under this Attachment C, all at CONTRACTOR's sole expense if the Privacy Practices Complaint 4 was due to CONTRACTOR'S material failure to comply with its obligations under this Attachment C, in 5 accordance with applicable privacy rights, laws, regulations and standards. In the event CONTRACTOR 6 discovers a Security Breach, CONTRACTOR shall treat the Privacy Practices Complaint as a Security 7 Breach. Within seventy-two (72) hours of CONTRACTOR's receipt of notification of such Privacy Practices 8 Complaint, CONTRACTOR shall notify COUNTY whether the matter is a Security Breach, or otherwise has 9 been corrected and the manner of correction, or determined not to require corrective action and the reason 10 therefor, in each case subject to the provisions of the security breach procedures set forth herein. 11 (4) CONTRACTOR shall take prompt corrective action to respond to and remedy any Security 12 Breach and take reasonable mitigating actions, including but not limiting to, preventing any reoccurrence of 13 the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at 14 CONTRACTOR's sole expense if the Security Breach was caused by CONTRACTOR'S material failure to 15 comply with its obligations under this Attachment C, in accordance with applicable privacy rights, laws, 16 regulations and standards. If the Security Breach was caused by CONTRACTOR'S material failure to 17 comply with its obligations under this Attachment C, CONTRACTOR shall, in addition to its other 18 obligations under this Attachment C, reimburse COUNTY for the following reasonable costs incurred by 19 COUNTY in responding to, and mitigating the Security Breach, to the extent applicable: (1)the cost of 20 providing affected individuals with credit monitoring services for a specific period not to exceed twelve (12) 21 months, to the extent the incident could lead to a compromise of the data subject's credit or credit standing; 22 (2) call center support for such affected individuals for a specific period not to exceed thirty (30) days; and 23 (3)the cost of any measures required under applicable laws. 24 25 E. Oversight of Security Compliance. 26 (1) CONTRACTOR shall have and maintain a written information security policy that specifies 27 Security Safeguards appropriate to the size and complexity of CONTRACTOR's operations and the nature 28 and scope of its activities. C-7 1 (2) Upon COUNTY's reasonably prior written request and not more than once during the term of the 2 Agreement, to confirm CONTRACTOR's compliance with this Attachment C, as well as any applicable 3 laws, regulations and industry standards, CONTRACTOR grants COUNTY or, upon COUNTY's election, a 4 third party on COUNTY's behalf(who shall not be a competitor of CONTRACTOR), permission to perform 5 an assessment, audit, examination or review of all controls in CONTRACTOR's physical and technical 6 environment in relation to all Personal Information that is Used by CONTRACTOR pursuant to this 7 Agreement, with the final scope of such audit to be mutually agreed by the CONTRACTOR and the 8 COUNTY in advance of the audit. CONTRACTOR shall reasonably cooperate with such assessment, audit 9 or examination, as applicable, by providing COUNTY or the third party on COUNTY's behalf, access to all 10 Authorized Employees and other knowledgeable personnel, physical premises, documentation, 11 infrastructure and application software that is Used by CONTRACTOR for Personal Information pursuant to 12 this Agreement. In addition, CONTRACTOR shall provide COUNTY with the results of any audit by or on 13 behalf of CONTRACTOR that assesses the effectiveness of CONTRACTOR's information security program 14 as relevant to the security and confidentiality of Personal Information Used by CONTRACTOR or 15 Authorized Persons during the course of this Agreement under this Attachment C. The COUNTY or third 16 party performing the audit shall comply with CONTRACTOR's applicable security policies and procedure 17 when conducting such audit, and in no event shall the COUNTY or THIRD PARTY be permitted to access 18 the information of any other CONTRACTOR customer. 19 (3) CONTRACTOR shall ensure that all Authorized Persons who Use Personal Information agree to 20 the same restrictions and conditions in this Attachment C. that apply to CONTRACTOR with respect to 21 such Personal Information by incorporating the relevant provisions of these provisions into a valid and 22 binding written agreement between CONTRACTOR and such Authorized Persons, or amending any 23 written agreements to provide same. 24 F. Return or Destruction of Personal Information. 25 Upon the termination of this Agreement, CONTRACTOR shall, and shall instruct all Authorized 26 Persons to, promptly return to COUNTY all Personal Information, whether in written, electronic or other 27 form or media, in its possession or the possession of such Authorized Persons, in a machine readable form 28 used by COUNTY at the time of such return, or upon the express prior written consent of the Director, C-8 1 securely destroy all such Personal Information, and certify in writing (e-mail permissible) to the COUNTY 2 that such Personal Information have been returned to COUNTY or disposed of securely, as applicable. If 3 CONTRACTOR is authorized to dispose of any such Personal Information, as provided in this Attachment 4 C, such certification shall state the date, time, and manner (including standard) of disposal and by whom, 5 specifying the title of the individual. CONTRACTOR shall comply with all reasonable directions provided by 6 the Director with respect to the return or disposal of Personal Information and copies thereof. If return or 7 disposal of such Personal Information or copies of Personal Information is not feasible, CONTRACTOR 8 shall notify COUNTY according, specifying the reason, and continue to extend the protections of this 9 Attachment C to all such Personal Information and copies of Personal Information. CONTRACTOR shall 10 not retain any copy of any Personal Information after returning or disposing of Personal Information as 11 required by this section F. CONTRACTOR's obligations under this section F survive the termination of this 12 Agreement and apply to all Personal Information that CONTRACTOR retains if return or disposal is not 13 feasible and to all Personal Information that CONTRACTOR may later discover. 14 G. Equitable Relief. 15 CONTRACTOR acknowledges that any breach of its covenants or obligations set forth in this 16 Attachment C may cause COUNTY irreparable harm for which monetary damages would not be adequate 17 compensation and agrees that, in the event of such breach or threatened breach, COUNTY is entitled to 18 seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief 19 that may be available from any court, in addition to any other remedy to which COUNTY may be entitled at 20 law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other 21 remedies available to COUNTY at law or in equity or under this Agreement. 22 H. Indemnification. 23 CONTRACTOR shall defend, indemnify and hold harmless COUNTY, its officers, employees, and 24 agents, (each, a "COUNTY Indemnitee")from and against any and all damages, costs or expenses of 25 whatever kind, including attorneys' fees and costs, awarded by a court pursuant to an award, final 26 judgment, or settlement as a result of any third party claim or action against any COUNTY Indemnitee 27 resulting from CONTRACTOR's, its officers, employees, or agents, or any Authorized Employee's or 28 Authorized Person's, negligence or willful misconduct in the performance or failure to perform under this C-9 1 Attachment C. In the event of any such claim, the COUNTY shall provide prompt written notice of the claim, 2 CONTRACTOR shall have the right to control the defense of the claim, and provisions of Section 11.C. of 3 the Agreement shall continue to apply. The provisions of this section H do not apply to the acts or 4 omissions of COUNTY. The provisions of this section H are cumulative to any other obligation of 5 CONTRACTOR to, defend, indemnify, or hold harmless any COUNTY Indemnity under this Agreement. 6 The provisions of this section H shall survive the termination of this Agreement. I. Survival. 7 The respective rights and obligations of CONTRACTOR and COUNTY as stated in this Attachment 8 C shall survive the termination of this Agreement. 9 J. No Third Party Beneficiary. 10 Nothing express or implied in the provisions of in this Attachment C is intended to confer, nor shall 11 anything herein confer, upon any person other than COUNTY or CONTRACTOR and their respective 12 successors or assignees, any rights, remedies, obligations or liabilities whatsoever. 13 L. No County Warranty. 14 COUNTY does not make any warranty or representation whether any Personal Information in 15 CONTRACTOR's (or any Authorized Person's) possession or control, or Use by CONTRACTOR (or any 16 Authorized Person), pursuant to the terms of this Agreement is or will be secure from unauthorized Use, or 17 a Security Breach or Privacy Practices Complaint. 18 19 20 21 22 23 24 25 26 27 28 C-10